Unwanted URL appendings...

gvanto

I have just managed to have users log in, (and using session variables) but now I get a nasty addition to the end of my urls:

http://www.thecrazywebsite.com/MaxPayne.html?PHPSESSID=7193317962e286f53c56495b27a8b251

instead of just: http://www.thecrazywebsite.com/MaxPayne.html

Anyone got ideas on how to get rid of this (very nasty) phenomenom?

Help appreciated,
Gerry
sessions-newbie

MarkR

You are getting this because you're using session IDs in the query string. This is both unpleasant and a security risk; it exist only to support browsers which have no cookie support.

If you can live with restricting access to browsers with cookie support, enable the setting session.use_only_cookies (e.g. with ini_set) before you call session_start.

Mark

gvanto

Thanks alot Mark. Problem solved!

gvanto

Hi Mark (or whoever!)

ACtually, I made a mistake: the problem is not solved: that long string PhpID=234534534 is still being attached (it simply wasn't there when I refreshed the page, making me think the problem was solved)

I actually did a test to check the session.use_only_cookies setting as such:

echo ini_get("session.use_only_cookies"); (which I ran in test.php, on the online server)

and the result was "1" !
(So the ini_set('session.use_only_cookies', '1'); i used before wasn't really making much difference)

So perhaps something else is adding these nasty URL appendixes??

Any ideas?
Gerry

ClarkF1

It it your browser settings???

It may be the security settings for your browser than mean the session isn't being stored as a cookie.

I've clicked on everything I can click on on that site and didn't get that result when I enabled cookies on my browser

gvanto

I am pretty sure cookies are enabled on my browser...(otherwise the 'remember me' of the login feature wouldnt work - and it does)

You didn't get what result when you enabled cookies?

I checked it at a friend's house last night and it still has the "PHPIDSESSION=345fg" additions...(and he has cookies enabled) ???

This is even after I did:
ini_set('session.use_only_cookies', '1');
session_start();

...any ideas?

Gerry

ClarkF1

I didn't get the PHPSESSID= in the url

That was in Firefox.......I didn't try it in IE

gvanto

Hmmm I just started my FireFox up and still get the URLs with that nasty addition....

Are you sure you didnt just refresh the page? (which seems to temporarily solve the problem until the next day / next few hours after which the string shows up again!!)

Perhaps its something to do with my host??

I noticed you didn't activate ur account ClarkF1 - can i just ask is that because u didnt get the activation email ?? (cause alot of the signed up users i find still have unactivated accounts)

Cheerio,
Gerry

ClarkF1

yep........no email received

I checked my SPAM folders too, nothing in there.

gvanto

F* !!!

ClarkF1

If you want to use my email address as a testing address and for me to provide feedback, I'd be quite happy for you to (as long as it's not too many)

I'd let you know here as soon as I got them (if I'm around)