I have some pages on my site which use session variables but don't necessarily require a preset session variable to work correctly. In these cases, however, the PHPSESSID displays in the URL:
http://www.blah.net/test/blah.php?PHPSESSID=85320a4f5d2a31b127ebf4a1a9988dfb
Can I suppress this somehow?
Thanks in advance
Read the PHP Manual on session handling.
I tried to read from the Good Book. However, this particular area is 27 pages of discombobulated information. The manual just states things. It doesn't explain how they work.
You could do this
<IfModule mod_php4.c> php_value session.use_trans_sid 0 </IfModule>
Open notepad and copy that code in. Then save as '.htaccess' and upload to the root directory of your site
In the section on Session Handling Functions, under session.use_trans_sid, there is:
URL based session management has additional security risks compared to cookie based session management. Users may send a URL that contains an active session ID to their friends by email or users may save a URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.
How do you modify it? Look above that section and you'll find:
The behaviour of these functions is affected by settings in php.ini.
Thanks, I understand now!
