Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
5 - 4 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
     

Re: Is session ID a problem ?
by peterr on 2006/3/15 0:18:25

Despite the changes I've made, bots are still hitting the site with a GET like ...

Quote:

/index.php?PHPSESSID=0a9ba8ebd120481dd1c4e8f5c00fe710


looks like the only way to really fix it, is a mod_rewrite, to strip the session id from the URL. At presetn, even with the changes advised, the PHPSESSID is turning up in search engines.

P
Re: Is session ID a problem ?
by peterr on 2006/3/14 22:23:45

I _think_ if the server config doesn't let you add the php flag/values in .htaccess, then what you can do, is to have your own PHP.INI

The best to do is ask your hosting company, from memory that is what I had to do on another server, and found the best way to start was to copy the 'full' PHP.INI file into your site, and then make the changes.

P
Re: Is session ID a problem ?
by macmend on 2006/3/14 17:21:20

in sorting out the terrible mess I have got in with my server, i find I am not allowed to use php flag entries in .htaccess as they bring 500 errors...is this a problem is there a way round it, it seems some php security on the host server now prohibits this??
Re: Is session ID a problem ?
by peterr on 2006/3/8 5:46:20

I added this in .htaccess

le="color: #000000"><?php php_flag session.use_trans_sid off


and the cookies were already set to 'on', here are the values from phpinfo()

Quote:

Local Value Master Value

session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off On


I can still do this ....

http://www.example.com/modules/wflinks/newlist.php?PHPSESSID=ae13f0f2d33dc138573157d429e15782

OR ...........

http://www.example.com/modules/xhld0/index.php?PHPSESSID=ae13f0f2d33dc138573157d429e15782

the first url example is what is in the serach engine results, so no doubt I will just have to wait until they do another crawl. From the web server logs, there are several url's that are causing the session ID to be appended, I just tried one, and now the session ID is not there. So, I'll test all the others, and just wait until the next crawls _and_ updates by these search engines.

The XOOPS admin/preferences main/general settings has"

use custom session - No

Thanks,

P
Re: Is session ID a problem ?
by m0nty on 2006/3/8 4:55:04

yup.. old news but still crops up every now n then..

use cookies, and disable trans_sid in php.ini or htaccess etc, and that solves that problem somewhat..

plenty of topics on XOOPS about it if you enter phpsessionid into the search block.

Who's Online

202 user(s) are online (161 user(s) are browsing Support Forums)


Members: 0


Guests: 202


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits