Welcome to WebmasterWorld Guest from 54.242.94.72

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

session.use_only_cookies

URL's without session ID - no success with htaccess and ini_set

     

captainhannes

7:16 pm on Jul 22, 2003 (gmt 0)

10+ Year Member



Hi all!

Users can login at my site, but I want to avoid session ID's in the URL's due optimizing for search engines.

I already tried


ini_set("session.use_only_cookies", "on");
ini_set("session.use_only_cookies", "1");
ini_set("session.use_only_cookies", 1);

or in .htaccess

php_flag session.use_only_cookies on

but nothing works.
Any ideas why everything fails?
(I have only webspace, so I don't have access to php.ini)
(PHP4.1.2 on Linux)

Thank you all very much in advance!

Best regards,
Hannes.

ProfMoriarty

8:48 pm on Jul 22, 2003 (gmt 0)

10+ Year Member



Hello captain,

as written in the online manual:

session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Defaults to 0 (disabled, for backward compatibility). Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0.

So you canīt modify this setting with your PHP version.

See [php.net...] for further information.

Best,

Lars

captainhannes

4:53 pm on Jul 23, 2003 (gmt 0)

10+ Year Member



Thank you Professor :-)

I missed this little detail about the version somehow.

Currently I do not start the session when the reverse lookup of the IP matched to /google/, so this works quite fine, but it fails for other search engines.

Well, I think I must wait until my ISP upgrades the version to 4.3.0 ...

Thanks again!

All the best,
Hannes.

vincevincevince

4:55 pm on Jul 23, 2003 (gmt 0)

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member



i guess you'll have to match the other search engines too i'm afraid...

or how about matching users? just match all the browsers you can think of - and add in X11, XP, ME, 98, MacOS etc... that should cover just about all human user's UA strings!

captainhannes

8:31 pm on Jul 23, 2003 (gmt 0)

10+ Year Member



Vince,

the UA idea is perfect! Thanks a lot! :-)

All the best,
Hannes.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month