PHPSESSID automatically in URL

Anon

Why does PHPSESSID persist in coming in the URL when I have enable-trans-sid

This seems to only happen when a session is first started (although I can't be sure) and if you manually remove it from the URL after that point it will not come back.

Please tell me how I can stop this from happening. I'm trying to generate cached pages but this PHPSESSID keeps showing up so when these cached pages are used in the future they will conflict with user's PHPSESSID's in their cookie's

thanks,

colin

Anon

easy, recompile without the enable-trans-sid switch, which does just what you are saying you don't want, session id propagation via urls.

Note you will have to have cookies enabled on clients to make sessions work without enable-trans-sid.

Anon

Oh, that's the way it means it. I thought it meant that it enabled tranparent setting of the PHPSESSID.

thanks for the info!!

Anon

You don't have to have cookies enabled to use sessions with session.use_trans_sid = 0

You can pass the session info from page to page using URL's instead of cookies.

How? Manually append "?<?=SID?>" to all the URL's where you want to maintain sessions. On form submittals you will want to make a hidden field named PHPSESSID and give it the value <?$PHPSESSID?>.

Interestingly, you can change the name of your global PHPSESSID variable in php.ini

session.name = PHPSESSID

I changed this to session.name=ANCH_ORG just to be different and now I have to access all session variables with $ANCH_ORG instead of $PHPSESSID but it still works.