I was looking through my stat tracker this morning and I saw that someone had clicked a link with "PHPSESSID=bf5099619598c6b47daf753358954136" at the end of the URL... I've never seen anything like that before and was wondering. Is this normal or something I might need to worry about? I use Drupal.
Those are PHP sessions, I'm not expert with Drupal, but that probably appeared because an user had cookies disabled.
This might help you out: http://baheyeldin.com/drupal/how-to-get-rid-of-phpsessid-in-drupal-and-other-php-applications.html
Ghoti, I'll go read that article right away... *sigh* The reason I use a CMS is because I'm not a coder and don't ever plan to be... things like this really irritate me because now I have to take my time to fix something that should not be broken in the first place (in my opinion)... Edit: Okay, this seems like the easiest fix for a coding dummy: Using .htaccess However, not all hosts allow that. So often, you need to put the following two lines in the .htaccess file, if your host is using PHP as an Apache module: php_value session.use_only_cookies 1 php_value session.use_trans_sid 0 Code (markup): Now, how do I know if my host is "using PHP as an Apache module"? I don't even know what that means, hehe... Will it hurt anything if I just stick the above code into my .htaccess file and hope for the best?
It shouldn't hurt, no. And if it does, you can just delete the file (it should definitely not do any permanent damage). To be honest, though, I would suggest against forcing using cookies for session management. For whatever reason, that user was not accepting cookies from your site. PHP worked around that by adding that PHPSESSID. If you force the use of cookies, that particular user's 'experience' will be broken. I mean it's your call, but I see no reason why you want to do this in the first place...
Okay, so you saying you think I should just leave well enough alone and not make any changes at all? (that sounds like the best option so far! hehe) I'm really confused. There is SO much to learn and just when I think I'm sailing along smoothly some other little buggie rears its ugly head...
I would leave it as it is. That PHPSESSID is not a bad thing (in fact, it's kind of good). Let's just say that as far as I'm concerned, any changes with regards to that would overall have a negative effect.
You should not be bothered. the pourpose is served so i suggest you dont change anything. If it breaks somehow, you will have lot more trouble fixing it
Oops... I guess my last post was a bit misleading because the link was pretty much totally against the PHPSESSID in the URL. He mentioned two reasons why: If the PHPSESSID doesn't show up for anyone with admin-type rights on your website, I wouldn't bother to make any changes.
That's what got me nervous... I don't want to knowingly run a site with any kind of security risk, either for myself or my visitors... the way I noticed the PHPSSID was in one of my stat trackers - I don't think it shows up anywhere else for anyone... so you think it is okay to just leave it alone and not make changes? I did ask on the Drupal forums for advice also and waiting to see what they say...