DarqFlare Posted May 13, 2004 Posted May 13, 2004 Hey Raul. I'm back for a new round of PHP! Ok, so here's the thing. I've got sessions running on all my websites on every page load. My main site is OMGN. As you can see, it automatically appends the SID into any links. I did some looking around on the php.net website and found that it can be configured to turn off appending the ID and just using cookies to do the session management. I want to turn this off for a variety of reasons, but my top 2 are: 1) Security risks and oddities when users see those things. 2) Google can't accurately serve up advertisements on a page that has a session ID appended. How do I turn off the automatic appendation of the ID on links and tell it to use only cookies? The session.use_only_cookies variable controls it in php.ini, but I need to activate that variable for my website... It obviously isn't activated on TCH. Quote
DarqFlare Posted May 13, 2004 Author Posted May 13, 2004 Never mind. I got it: >php_value session.use_trans_sid 0 Used that in HTACCESS. Works like a charm! Quote
LisaJill Posted May 13, 2004 Posted May 13, 2004 Aw heck I would have been thrilled with this a few weeks ago, but I got rid of that script... *sighs*. Quote
DarqFlare Posted May 13, 2004 Author Posted May 13, 2004 So get it back so you can use what I've discovered! lol Quote
borfast Posted May 13, 2004 Posted May 13, 2004 Glad you got it working, Robert One question: did you think about the possibility of someone not having cookies enabled? Quote
Frylock Posted May 19, 2004 Posted May 19, 2004 One question: did you think about the possibility of someone not having cookies enabled? I know I did before I took out sid's.... And I say **** 'em! (hehe... cept I'm not kidding.. they can still read it, they just can't reply... thank god) Quote
DarqFlare Posted May 19, 2004 Author Posted May 19, 2004 Yeah, I thought about people not having cookies enabled... I guess that means they'll have a tougher time viewing my site. I'm willing to take that risk in order to promote website security and better URLs. Quote
Croy Posted May 22, 2004 Posted May 22, 2004 Yep, in the end I decided to scrap the session IDs for my site to. So far I have only had one person refuse to come back over it. The dangers far outway to benefits. One thing I do need to work on is a warning msg telling the user there login failed because cookies were turned off. Quote
DarqFlare Posted May 22, 2004 Author Posted May 22, 2004 My sessions run on every page load for different reasons, even if they're not logged in. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.