Looks like the site is using PHP's session tracking. It defaults to using cookies unless cookies are turned off in the browser, in which case it reverts to URL re-writing. Try turning cookies on in your browser and checking again - I bet that the?PHPSESSID=yaddayadda will be gone.

PHP session tracking has to be turned on in the script that uses it - it doesn't just "happen" by itself.

Doesn't this thread belong in "Perl & PHP CGI scripting"?

Mosley700,

session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Defaults to 0 (disabled, for backward compatibility). Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0.

From: [php.net...]

GB

This is the second time that content from the php.net site has referenced php 4.3.0.

It isn't released, most recent version is 4.2.3.

I would say ask the designers/coders first, they can point you in the right direction.

This setting was added in PHP 4.3.0

Then it wonīt help much, since I havenīt seen a server running PHP 4.3. The latest release that is available for download is 4.2.3.

Good catch Jatar_K,
I didn't see that. Here's the one that works with the current version.

session.use_trans_sid

From: [php.net...]

Thank you all for your help.