Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

.htaccess Session Bypass?



3:06 am on Sep 20, 2009 (gmt 0)

5+ Year Member

I'm trying pass a session in a url but after passing it I'd like to hide it and make the browse display [domain.com...]

This is mainly for google analytics purposes. Google sees each [domain.com...] as a separate url which makes my statistics worthless.

So, I'd like to Rewrite [domain.com...] to [domain.com...] (which is not the issue) AND at the same time also pass the query string hidden.

I know I'm trying to do 2 things with 1 rule but I'm wondering if there's a way to do it without sessions.

The whole reason I'm passing a session id in the query string is because of visitors that have cookies/sessions disabled.

This is my code to use as a basis for discussion. The code doesn't make sense because it redirects to itself but I'm just pasting it for discussion purposes;

RewriteCond %{query_string} ^s=(.*)
RewriteRule ^(.*)/$ index.php?s=%1 [R=permanent,L,NC]

I want the function of the above but the url to merely display [domain.com...]

Is this possible? I'm also open (if possible) to pass the session id ($s) as a POST variable if possible with mod_rewrite?

Is this possible or should I just not even bother and look into an alternative (such as storing the session in a table based on visitor's IP and then retrieving it on the frontpage?)


4:44 am on Sep 20, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Mod_rewrite cannot "change a URL" or "hide" anything.

The "real" URL is the URL that you publish as a link on your page. That is what the client browser will request when the link is clicked, and that is what the user will see. Browsers will not request anything other than the visible link, because to do otherwise would be to create a rather huge security risk...

The link you publish on the page is also what search engoine robots will 'see,' and that is the URL they will link to in their search results listings.

Since mod_rewrite can't change the text and links on your pages, it's not of much help with your problem.

What mod_rewrite *can* do is to redirect an incoming request --ask the client to ask again for what it wanted using a new URL-- or it can modify the default URL-to-filepath mapping. That is, mod_rewrite can do a URL-to-URL (external) redirect, or it can do a URL-to-filepath (internal) translation.

So, if users have cookies disabled, then your only choice is to show whatever data is required for the site's operation to the user as a query string. If the client does support cookies, than don't use the query string method, just pass the session info to the client in a cookie, and the client will send that cookie back to the server with every subsequent request it makes that is within that cookie's defined "realm."

So the three main points are:

  • mod_rewrite can't provide a 100% gift-wrapped fix for this.
  • Sessions=cookies, and you should support the no-cookies users only to the limit of your convenience
  • Absolutely minimize the 'state' information that must be stored in a cookie or passed to the client as a query string.

As an added point, your site needs to be designed to work well enough without cookies for search engines to crawl the pages you want listed in search results. If this can't be done with the existing design, then you need a better design -- perhaps one without so many 'bells and whistles' on it, but one which is spiderable.

[soapbox] I see evidence of a lot of bad designs here in posts in this forum -- Forums, blogs, CMSes, etc. that were apparently designed from the feature-set on down, or from the database up. But the Web is a competitive arena, and it doesn't matter how cool your cart is, how pretty or feature-rich your forum template is, or how slick your database or CMS design is... If it doesn't optimally support text-based search engines, you're toast; If no-one can find you in search, you're just not going to do much business, and that's usually the whole point of many Web sites. [/soapbox]



9:20 am on Sep 22, 2009 (gmt 0)

5+ Year Member

Thank you for your comments and clarification.

As for the soap box / design of the site, here's what I'm trying to do.

I'm trying to track incoming visits through my various PPC campaigns. Obviously for the cookie-enabled this is not a problem. But due to the nature of my niche there's a larger than average percentage of paid visitors with cookies disabled or on non-windows systems.

I'd still like to track my conversions to justify my PPC campaigns.

Either way, I'm going with a 'bandaid' fix and track the source and conversions of visitors with no-cookies based on their IP. So the 'session id' becomes their IP and does not have a need to be stored client side or passed between pages. Obviously there's a small pitfall to this too but that's what makes it a bandaid solution.

Anyway, thanks for your input, I appreciate it.


1:24 pm on Sep 22, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Ugh... If tracking by REMOTE_ADDR IP address, beware of ISPs like AOL and Earthlink which interpose caching proxies between their subscribers and the "internet." The effect of these proxies is that the user's IP address will appear to change - and often, each user request will have a different IP address! :(

If you cannot find a reliable way to maintain your sessions for these users, then you may have to fall back on a statistical analysis of users with trackable sessions versus total users, and infer the CTR/CPM/CPC of your ads for cookie-less users from that of the users whom you *can* track...



Featured Threads

Hot Threads This Week

Hot Threads This Month