Having PHPSESSID=

Vicky! · July 2nd, 2008, 6:29 AM

I installed a script on my shared hosting account, and it started showing PHPSESSID= in the URLs. I talked to the script's customer service and was told its something host need to resolve at their end.

What can be done in this case? Should I open ticket or something?

Please guide.

**patrickb** · July 2nd, 2008, 3:43 PM

Have a look at YOUmoz | Removing ?PHPSESSID from a URL for a solution to your problem. The second method using a .htaccess will be the best bet. I don't remember seeing those session tags in URL's on any websites hosted with Surpass before, so it may just be that the global setting is turned on for your server for some odd reason. Wouldn't hurt to email tech support and see if they can change that as well.

Vicky! · July 2nd, 2008, 4:06 PM

Quote:

Originally Posted by patrickb

Have a look at YOUmoz | Removing ?PHPSESSID from a URL for a solution to your problem. The second method using a .htaccess will be the best bet. I don't remember seeing those session tags in URL's on any websites hosted with Surpass before, so it may just be that the global setting is turned on for your server for some odd reason. Wouldn't hurt to email tech support and see if they can change that as well.

I tried that, didnt work. Now sending them email.

**MarkRH** · July 2nd, 2008, 4:11 PM

Yeah, PHP should be setup on the server with the following settings:

session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0

bits taken from the PHP.INI I'm using:

Code:

; Whether to use cookies.
session.use_cookies = 1

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
session.use_only_cookies = 1

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

Support should be able to correct this if those values are not being used.

If people are using links that have the PHPSESSID on them.. the following will remove it.. mainly for search bots to get the correct URL without the PHPSESSID: (this would go in the .htaccess file)

Code:

#rewrite to remove session ids
RewriteEngine On
RewriteCond %{QUERY_STRING} (.*)PHPSESSID=
RewriteRule (.*) /$1?%1 [R=301,L]

July 2nd, 2008, 6:29 AM	#1 (permalink)
Vicky! Registered User Fresh Surpasser Joined in Jun 2007 6 posts Gave thanks: 0 Thanked 0 times	Having PHPSESSID= I installed a script on my shared hosting account, and it started showing PHPSESSID= in the URLs. I talked to the script's customer service and was told its something host need to resolve at their end. What can be done in this case? Should I open ticket or something? Please guide.

July 2nd, 2008, 3:43 PM	#2 (permalink)
patrickb the one who was Super #1 Joined in Jul 2003 Lives in Memphis 1,967 posts Gave thanks: 0 Thanked 3 times	Have a look at YOUmoz \| Removing ?PHPSESSID from a URL for a solution to your problem. The second method using a .htaccess will be the best bet. I don't remember seeing those session tags in URL's on any websites hosted with Surpass before, so it may just be that the global setting is turned on for your server for some odd reason. Wouldn't hurt to email tech support and see if they can change that as well. __________________ Patrick Warnings: The program(s) might crash unexpectedly or behave otherwise strangely. (But of course, so do many commercial programs on Windows.) --www.gimp.org

July 2nd, 2008, 4:11 PM	#4 (permalink)
MarkRH Race Surpass Super #1 Joined in Jul 2006 Lives in Oklahoma City, OK Hosted on sh102 1,222 posts Gave thanks: 18 Thanked 86 times	Yeah, PHP should be setup on the server with the following settings: session.use_cookies On On session.use_only_cookies On On session.use_trans_sid 0 0 bits taken from the PHP.INI I'm using: Code: ; Whether to use cookies. session.use_cookies = 1 ; This option enables administrators to make their users invulnerable to ; attacks which involve passing session ids in URLs; defaults to 0. session.use_only_cookies = 1 ; trans sid support is disabled by default. ; Use of trans sid may risk your users security. ; Use this option with caution. ; - User may send URL contains active session ID ; to other person via. email/irc/etc. ; - URL that contains active session ID may be stored ; in publically accessible computer. ; - User may access your site with the same session ID ; always using URL stored in browser's history or bookmarks. session.use_trans_sid = 0 Support should be able to correct this if those values are not being used. If people are using links that have the PHPSESSID on them.. the following will remove it.. mainly for search bots to get the correct URL without the PHPSESSID: (this would go in the .htaccess file) Code: #rewrite to remove session ids RewriteEngine On RewriteCond %{QUERY_STRING} (.)PHPSESSID= RewriteRule (.) /$1?%1 [R=301,L] __________________ SH102 : Mark Headrick - Blog - Gallery Pelicar \| Company of Valor \| Mysstie Wolfestar

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)