I second this question!

sometimes this happens and sometimes it does not, I would like to know how to stop it from happening. its really lame when a user sends somone an email with a URL in it and the the session id is in the URL so they think they have to copy and paste the whole thing then the next thing you know you have a bunch of people setting a favorite or a homepage with a session ID in the address

BTW daok you play NWN? i used to play it and somone used the name daok on there

if you have cookies turned off for sessions this is the only way for php to know what session to associate the user with. you can try turning use_trans_sid on and this should only appear on all links when the session is first initiated, and from then on they will not appear in the links. it is really insecure to always have them appear especially if sensitive data such as login data is stored in the session. if these sid's are shared with others, it could result in other people being logged in to the other perons account.

see "passing the session id"

Originally posted by hiberphoptik
I second this question!

sometimes this happens and sometimes it does not, I would like to know how to stop it from happening. its really lame when a user sends somone an email with a URL in it and the the session id is in the URL so they think they have to copy and paste the whole thing then the next thing you know you have a bunch of people setting a favorite or a homepage with a session ID in the address

BTW daok you play NWN? i used to play it and somone used the name daok on there

The only game I played with that name is about 1year ago at WOW sorry I do not know NWN.

Originally posted by drew010
if you have cookies turned off for sessions this is the only way for php to know what session to associate the user with. you can try turning use_trans_sid on and this should only appear on all links when the session is first initiated, and from then on they will not appear in the links. it is really insecure to always have them appear especially if sensitive data such as login data is stored in the session. if these sid's are shared with others, it could result in other people being logged in to the other perons account.

see "passing the session id"

Here is the phpinfo of my webserver : http://axanti6.com/variables.php

I see that it's already on, why do I still have the ID in the url then?

i visited the page in the first post (http://www.apprentifinancier.com/index.php) and the session id only appeared the first time, and after i clicked a link, it never appeared again.

Originally posted by drew010
i visited the page in the first post (http://www.apprentifinancier.com/index.php) and the session id only appeared the first time, and after i clicked a link, it never appeared again.

You are right but I would like to never see it. I contacted the webmaster to turn off the session_id (lime my local server, like that I might not have this weird PHPSESSID).

just put
ini_set("use_only_cookies", 1);
at the top of all your scripts. it wont ever pass the sid via GPC but your ALL of your visitors MUST have cookies enabled for whatever you are using sessions for to work.

Originally posted by drew010
just put
ini_set("use_only_cookies", 1);
at the top of all your scripts. it wont ever pass the sid via GPC but your ALL of your visitors MUST have cookies enabled for whatever you are using sessions for to work.

Done, I still see it 1 time :\ I copy and paste the code you posted at the first line of index.php.

yeah, try
ini_set("session.use_only_cookies", 1);

Originally posted by drew010
yeah, try
ini_set("session.use_only_cookies", 1);

Done, I can still see the same PHPSESSID :queasy:

you have session.use_trans_sid = ON in your php.ini file. that is why PHP is appending all internal links with the session name/id.

Originally posted by devinemke
you have session.use_trans_sid = ON in your php.ini file. that is why PHP is appending all internal links with the session name/id.

So there's no way to get rid of it :eek: (I can't modify php.ini)

you can either create your own local php.ini or you can put the following at the top of your scripts:

ini_set('session.use_trans_sid', 0);

Thx