PHPSESSID in URL

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • O.B.
    #1

    PHPSESSID in URL

    Using PHP 4.3.4, I have a problem where some web pages appear and the
    links all have PHPSESSID=4094c 333eb638b1e8c25 632212079e05 attached to
    them. The HTML code itself does not have this text. Also, this
    behavior quickly disappears after the first few clicks of browsing.

    The site in question is located at http://www.havenbaptist.org/

    Tags: None
    • Adriaan
      #2
      Re: PHPSESSID in URL

      "O.B." wrote[color=blue]
      > Using PHP 4.3.4, I have a problem where some web pages appear and the
      > links all have PHPSESSID=4094c 333eb638b1e8c25 632212079e05 attached to
      > them. The HTML code itself does not have this text. Also, this
      > behavior quickly disappears after the first few clicks of browsing.[/color]

      When using sessions, PHP needs to figger out whether or not cookies are
      enabled. If not, PHP will fall back to so-called "URL rewriting" that : it
      appends the session id to any (relative) URL.

      However, PHP cannot tell if the cookie was accepted until the browser
      requests the 2nd page. If the cookie is accepted then PHP will be sent the
      value of that cookie when the visitor clicks a link. If it does, PHP will
      then stop the URL rewriting for all further pages. If PHP is not sent the
      cookie value, then PHP keeps using the rewriting. So, just in case cookies
      are not enabled, PHP uses both the cookie and URL rewriting for the very
      first page that is shown to the visitor, for otherwise PHP would never know
      if a request is the first page or not.

      Just check with, for example Mozilla Firefox or strict cookie settings in
      Internet Explorer.

      So, as any link on the very first page will show this PHP session id, you
      could try to make a page that has no links at all. Like use

      // in index.php
      header("Locatio n: my2ndpage.php") ;

      to have PHP figger out the cookie thing on an empty index.php page... You
      could also disable URL rewriting, but then there's no fall back mechanism
      for your sessions. If you're not using any session at all, then there must
      be some setting that starts a session automatically.

      Adriaan


        Comment

        • Adriaan
          #3
          Re: PHPSESSID in URL

          "Adriaan" wrote[color=blue]
          > // in index.php
          > header("Locatio n: my2ndpage.php") ;[/color]

          Obviously, prior to redirecting the visitor to the second page, you should
          also start the session in index.php (if it is not started automatically).

          Note that the same result would, automatically, be achieved when using
          frames. PHP will send the cookie when index.php (defining the frameset) is
          requested, and will get the cookie value back when the frames themselves are
          loaded. That's all PHP needs to know to stop the URL rewriting.

          Adriaan


            Comment

            Previous template Next
            Working...