Disabling the PHPSESSID in the Query String
15 08 2006If you’ve worked with PHP sessions, probably your URL looked something like this:
http://www.yourdomain.com/page.php?PHPSESSID=59aa95ad46cd67d82ba0f812407326dd
If you don’t like the PHPSSID being displayed in the query string, you might have wondered how to disable it.
Well, a way to disable it is by setting session.use_trans_sid to off in your php.ini. However, if you don’t have access to the php.ini file because you’re hosting your site on a shared server, then, you can accomplish this by using a .htaccess file*.
The following example worked for me:
<IfModule mod_php4.c> php_flag session.use_trans_sid off </IfModule>
That’s it! I hope this helps.
––––
*Make sure your hosting provider allows .htaccess files.
when you switch it off like that. is it still possible to track the ID internally for shopping-cart issues?
Yes, you can with the sessiion cookie. In other words, since you’re not
passing the session ID in query string, a session cookie will be
created. Of course, you can retrieve its value like so:
$phpsessid = $_COOKIE['PHPSESSID'];I always use a session_id() based on the user’s ip + the app name, this way I won’t have to send it through the url…
yes but sometimes, we may not have access to .htaccess file. at that point it could be achieved using ini_set function.
ini_set(‘session.use_trans_sid’, ‘Off’);
In case if you need to get session id then you can use
$_REQUEST["PHPSESSID"];