homepage Welcome to WebmasterWorld Guest from 54.204.168.212
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
session.use_only_cookies
URL's without session ID - no success with htaccess and ini_set
captainhannes

10+ Year Member



 
Msg#: 1375 posted 7:16 pm on Jul 22, 2003 (gmt 0)

Hi all!

Users can login at my site, but I want to avoid session ID's in the URL's due optimizing for search engines.

I already tried

ini_set("session.use_only_cookies", "on");
ini_set("session.use_only_cookies", "1");
ini_set("session.use_only_cookies", 1);

or in .htaccess

php_flag session.use_only_cookies on

but nothing works.
Any ideas why everything fails?
(I have only webspace, so I don't have access to php.ini)
(PHP4.1.2 on Linux)

Thank you all very much in advance!

Best regards,
Hannes.

 

ProfMoriarty

10+ Year Member



 
Msg#: 1375 posted 8:48 pm on Jul 22, 2003 (gmt 0)

Hello captain,

as written in the online manual:

session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Defaults to 0 (disabled, for backward compatibility). Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0.

So you canīt modify this setting with your PHP version.

See [php.net...] for further information.

Best,

Lars

captainhannes

10+ Year Member



 
Msg#: 1375 posted 4:53 pm on Jul 23, 2003 (gmt 0)

Thank you Professor :-)

I missed this little detail about the version somehow.

Currently I do not start the session when the reverse lookup of the IP matched to /google/, so this works quite fine, but it fails for other search engines.

Well, I think I must wait until my ISP upgrades the version to 4.3.0 ...

Thanks again!

All the best,
Hannes.

vincevincevince

WebmasterWorld Senior Member vincevincevince us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 1375 posted 4:55 pm on Jul 23, 2003 (gmt 0)

i guess you'll have to match the other search engines too i'm afraid...

or how about matching users? just match all the browsers you can think of - and add in X11, XP, ME, 98, MacOS etc... that should cover just about all human user's UA strings!

captainhannes

10+ Year Member



 
Msg#: 1375 posted 8:31 pm on Jul 23, 2003 (gmt 0)

Vince,

the UA idea is perfect! Thanks a lot! :-)

All the best,
Hannes.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved