Session ID in URL - sometimes it's not visible - PHP Server Side Scripting forum at WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

Session ID in URL - sometimes it's not visible

solving a Session ID mystery

dwidmer

11:49 am on Aug 9, 2003 (gmt 0)

I'm using sessions on my website because I have variables that needs to be carried accross several scripts. The language variable $language is one of them.

When the user visits the site, he gets a $language value assigned according to his browser settings. this variable is then registered in the session.

I realized that usually PHP adds the Session ID to every link on the page in order to carry it with the URL. However this seems no to be the case here. Some links contain it, others don't. Sometimes the same link does not contain the ID when you click on it for a second time.

I have put

session_start();
ini_set("session.use_cookies","0");
ini_set("session.name","ID");

On top of my script and as far as I can tell, the website ist not sending any cookies. So where did my Session ID go? Why doesn't it show?

I'm trying to figure out why Googlebot doesn't like my page. It might be because of the session id.

So does anyone have any comments on this? Similar problems?

Thanks

Dan

ams_david

12:55 pm on Aug 9, 2003 (gmt 0)

I'm trying to figure out why Googlebot doesn't like my page. It might be because of the session id.

Yes.

Googlebot doesn't accept the session cookie, so PHP tacks the session id to the URL. Anything like 'id=' is generally bad for bots.

dwidmer

7:06 am on Aug 11, 2003 (gmt 0)

well... search engines not indexing my site is one problem. I think I'll have to solve that one later. There are some excellent postings on that here. Anyways, why doesn't PHP always add the session ID to the links?

Dan

vincevincevince

7:24 am on Aug 11, 2003 (gmt 0)

The first page you load will have sessionID on every URL, as well as a cookie being set. If the cookie is accepted then the 2nd and future pages will not have sessionID in the URL. However, if you link to another subdomain it may send the sessionID in the URL, depending on settings.

irock

7:25 am on Aug 11, 2003 (gmt 0)

BTW dwidmer,

I'm not session or cookie expert... but if you add this line to your .htaccess on root folder. PHP will no longer append the session ID to your URL, and you still have session support throughout your site. The session ID will stay on your server hard drive until it expired at a preset time.

php_flag session.use_trans_sid off
php_value session.gc_maxlifetime 172800

I'm not sure whether or not this will help you...

the 2nd line here states how long the session will stay alive on the server. In this case, it's 48 hrs.

dwidmer

8:25 am on Aug 11, 2003 (gmt 0)

thanks for the info. the .htaccess idea is pretty good. I don't know how search engines will handle that though.

the thing with cookies is that I have them turned off. That's why I'm surprised that I don't get the session ID in *every* link on *every* site. strange...

thx

dan

irock

11:00 am on Aug 14, 2003 (gmt 0)

I don't think search engines have any problems with the modified .htaccess... since everything is legit here...

dwidmer

6:50 am on Sep 1, 2003 (gmt 0)

Okay. I think I solved the mystery, but I still don't know how to get this thing fixed. The problem is that I get the HTML code of my website from a mysql database, put it in an array and send the array to the template object. Then I display the merged template.

Somewhere along the way the Session ID gets lost. I think it's because PHP does not parse my links since they come from the database. I realised that links that I put manually (echo "<A HREF...") contain the ID.

So how can I force PHP to process the links I have in my template? Any suggestions?

thanks

Dan

IanKelley

8:33 am on Sep 1, 2003 (gmt 0)

The session ID is added to the url if the client does not accept the session cookie.

If you turn off the url session option then...
A) Robots will not be able to spider dynamic pages on your site.
B) People who have their cookies turned off will not be able to use your site.

dwidmer

9:14 am on Sep 1, 2003 (gmt 0)

thanks for the reply, but that was not my question:

I am trying to find out why PHP sometimes adds the session ID to my links and sometimes it doesn't.

I found out that it does not add the ID to links that come from my database. So why is that? Any suggestions? (I want to add the Session ID to every interal link on my website, cookies are turned off)

Dan

IanKelley

9:38 am on Sep 1, 2003 (gmt 0)

Try turning off cookies before you start your session (or in PHP_INI)

dwidmer

9:47 am on Sep 1, 2003 (gmt 0)

I tried that, cookies are turned off. Session ID is properly added to some URLs. Other links don't contain the ID. (links coming from a database)

IanKelley

10:19 pm on Sep 1, 2003 (gmt 0)

I can't tell if you understood what I meant or not... When I've used sessions (lots of good reasons not to use them at all) I've noticed that you have to put certain ini values BEFORE the line where you start the session. In your example above you have them after you start the session so that they will only apply to subsequent sessions in the same script.

I presume this is how it works with cookies as I'm positive that it's how it works for session names.

About the second thing, I don't see what you mean by "links coming from a database". The concept makes no sense to me :-)

I can only think of two possibilities for what you mean...

A) Full internal urls grabbed for display from a database. I can't think of any reason for this.
B) Every single link in your site that comes as a result of information retreived from a database.

If it's B then the only possible problem is an error in your script. There is no PHP or server setting that could cause this to happen.