1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

getting rid of phpsessid

Discussion in 'PHP' started by sharpweb, Aug 15, 2005.

  1. #1
    I'm reasonably new to PHP and need to find out how to turn off those pesky phpsessid variables that show up in the url from time to time. From my understanding you need to do it thru the php.ini file, but what if you don't have access to that file???
    SEMrush
     
    sharpweb, Aug 15, 2005 IP
    SEMrush
  2. ResaleBroker

    ResaleBroker Active Member

    Messages:
    1,665
    Likes Received:
    50
    Best Answers:
    0
    Trophy Points:
    90
    #2
    You might add this line of code to your .htaccess file:
    php_value session.use_trans_sid 0
    PHP:
     
    ResaleBroker, Aug 15, 2005 IP
  3. sharpweb

    sharpweb Guest

    Messages:
    246
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #3
    thanks...seems to work
     
    sharpweb, Aug 15, 2005 IP
  4. Connect

    Connect Guest

    Messages:
    191
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Will there be any implications if the phpsessid "cannot" be appended to the url? How will that affect session management?
     
    Connect, Aug 16, 2005 IP
  5. sharpweb

    sharpweb Guest

    Messages:
    246
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I think that as long as the user has cookies enabled then the phpsessid is useless...can anyone verify this?
     
    sharpweb, Aug 16, 2005 IP
  6. Connect

    Connect Guest

    Messages:
    191
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #6
    How come for the same website, using the same IE and same computer, accessing the same link - sometimes the phpsessid comes out in the url, sometimes not?
     
    Connect, Aug 17, 2005 IP
  7. sharpweb

    sharpweb Guest

    Messages:
    246
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #7
    that I don't know....but I'd love to find out
     
    sharpweb, Aug 17, 2005 IP
  8. goldensea80

    goldensea80 Well-Known Member

    Messages:
    422
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    128
    #8
    You can use the following code to append Session id to the URL. I am not sure, but the parameter SID will either be empty or not (maybe depend on the PHP config and local computer?)

    
    //
    // Append $SID to a url. Borrowed from phplib and modified. This is an
    // extra routine utilised by the session code above and acts as a wrapper
    // around every single URL and form action. If you replace the session
    // code you must include this routine, even if it's empty.
    //
    function append_sid($url, $non_html_amp = false)
    {
    //    global $SID; // Hai: if you specify an global SID
        $SID=SID;
    //    $SID=$session_name.'='.session_id(); // Hai: use this to show SID always
        $session_name=session_name();
    
        if ( !empty($SID) && !eregi("$session_name=", $url) )
        {
            $url .= ( ( substr_count($url, '?') != false ) ?  ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID;
        }
    
        return($url);
    }
    
    PHP:
     
    goldensea80, Aug 20, 2005 IP
  9. Gmorkster

    Gmorkster Peon

    Messages:
    202
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #9
    It's the 21st century, I believe everyone has cookies enabled in their browser ...
     
    Gmorkster, Aug 22, 2005 IP
  10. trevHCS

    trevHCS Peon

    Messages:
    40
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #10
    Assuming you're using PHP 4.2.0 or later, PHP firstly checks for a session ID cookie and if that wasn't passed by the browser it amends the SID= onto any href, form action and similar to ensure that the session is always kept alive.

    Usually by the second page the user hits this session ID cookie will be available so from that point on you won't see the SID= amended to anything. I have sometimes found this not to be absolutely strictly true, but generally it works. Prior to 4.2.0 you had to work out whether to add the session ID or not yourself.


    If you want to turn it off on a per script basis rather than for any script affected by .htaccess, this isn't officially possible until PHP5. However if you add this to the top of the script it'll turn that off by telling PHP to amend SIDs to, well, nothing.

    ini_set('url_rewriter.tags', ''); 
    Code (markup):

    The majority probably do, but there are still a significant number who don't have them on just like maybe 10% of the users don't have Javascript turned on (although there's more sense in that). Some are just ill-informed and some are paranoid....probably resulting from caffine overdoes! ;)

    Trev
     
    trevHCS, Aug 23, 2005 IP
  11. Gmorkster

    Gmorkster Peon

    Messages:
    202
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #11
    I second that, I'm sometimes tempted to disable cookies when I've had too much coffee! :D

    Re: ini_set(), keep in mind that some hosts have this function disabled (GoDaddy for example) -- probably for security reasons. So if you want your code to be portable, make it a habbit out of doing something like

    $ok = @ini_set('blah', 'bleh');
    if (!$ok) {
    //...oops do something
    }
     
    Gmorkster, Aug 23, 2005 IP
  12. sharpweb

    sharpweb Guest

    Messages:
    246
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #12
    Trev,
    was your answer in response to this? I have cookies enabled and sometimes see the phpsessid. I've changed my htaccess file so they don't show now. This seems like a minor problem, but I really don't want the search engines to see the phpsessid. Thanks
     
    sharpweb, Aug 23, 2005 IP
  13. Connect

    Connect Guest

    Messages:
    191
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #13
    Why on the first page the session id cannot be set to the cookie and need to be appended to the href and form action? - on the 2nd page and subsequent pages there is no problem assigning the session id to the cookie as the session id is not in hrefs anymore.

    If we turned of PHPSESSID in .htaccess, will there be any problem when we want to use session in our scripts but the client's cookie is disabled?
     
    Connect, Aug 24, 2005 IP
  14. Gmorkster

    Gmorkster Peon

    Messages:
    202
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #14
    Are you initializing the session after you output content to the browser?

    No, but the spiders won't like it. You could remove the SESSIONID string from the URL if the user agent string matches a certain criteria (look for msnbot, yahoo, ia_archiver, googlebot and others you might find).
     
    Gmorkster, Aug 24, 2005 IP
  15. Connect

    Connect Guest

    Messages:
    191
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #15
    I have these 2 lines after some HTML tags (like tables, etc):
    session_cache_limiter("");
    session_start();

    If I just turn of PHPSESSID, there will be problem using session on browsers with cookies turned off, right?
     
    Connect, Aug 24, 2005 IP
  16. Gmorkster

    Gmorkster Peon

    Messages:
    202
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #16
    put those lines *before* you output any content to the client (including HTTP headers).
    And yes, if you have PHPSESSID turned off and browser cookies off as well, sessions won't work.
     
    Gmorkster, Aug 25, 2005 IP
  17. Connect

    Connect Guest

    Messages:
    191
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #17
    Gmorkster, ok will try that. Thanks.
     
    Connect, Aug 25, 2005 IP