Disabling the PHPSESSID in the Query String

If you’ve worked with PHP sessions, probably your URL looked something like this:

http://www.yourdomain.com/page.php?PHPSESSID=59aa95ad46cd67d82ba0f812407326dd

If you don’t like the PHPSSID being displayed in the query string, you might have wondered how to disable it.

Well, a way to disable it is by setting session.use_trans_sid to off in your php.ini. However, if you don’t have access to the php.ini file because you’re hosting your site on a shared server, then, you can accomplish this by using a .htaccess file*.

The following example worked for me:

<IfModule mod_php4.c>
     php_flag session.use_trans_sid off
</IfModule>

That’s it! I hope this helps.
––––

*Make sure your hosting provider allows .htaccess files.

This entry was written by Juan, posted on August 15, 2006 at 10:28 pm, filed under Apache Server, English, PHP, Web Development. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Both comments and trackbacks are currently closed.

4 Comments

Marius

Posted October 21, 2006 at 12:39 am | Permalink

when you switch it off like that. is it still possible to track the ID internally for shopping-cart issues?
Juan Wong

Posted October 21, 2006 at 1:03 am | Permalink

Yes, you can with the sessiion cookie. In other words, since you’re not
passing the session ID in query string, a session cookie will be
created. Of course, you can retrieve its value like so:

$phpsessid = $_COOKIE['PHPSESSID'];
Webdesign

Posted March 25, 2007 at 7:58 am | Permalink

I always use a session_id() based on the user’s ip + the app name, this way I won’t have to send it through the url…
freemind

Posted May 24, 2007 at 2:18 am | Permalink

yes but sometimes, we may not have access to .htaccess file. at that point it could be achieved using ini_set function.

ini_set(‘session.use_trans_sid’, ‘Off’);

In case if you need to get session id then you can use
$_REQUEST["PHPSESSID"];