1
przemeks
Sessions in URL
  • 2005/4/5 20:06

  • przemeks

  • Just popping in

  • Posts: 57

  • Since: 2005/1/29


Why sometimes in my modules URL's is session ID ex.:

informacje+article.id+43+PHPSESSID+b2043092e073d3c2bed93c52272fa1cd.htm


I use "simplified urls".
In admin panel i disable a additional sessions options.
Users can't log in to my XOOPS (i disable this option).

Sometimes the session ID is in URL, sometimes URL is normal.

informacje+article.id+43+.htm


Why this !@#$%%^^ Session ID is showing in my URLs ??

I'm waiting for answeres.

2
przemeks
Re: Sessions in URL
  • 2005/4/16 9:42

  • przemeks

  • Just popping in

  • Posts: 57

  • Since: 2005/1/29


Could anyone answer to me question ??

3
domifara
Re: Sessions in URL
  • 2005/4/16 13:48

  • domifara

  • Just popping in

  • Posts: 25

  • Since: 2003/9/11


it is my guess?
I think that it is writing some trouble?.
Quote:
przemeks wrote:
Why sometimes in my modules URL's is session ID ex.:
informacje+article.id+43+PHPSESSID+b2043092e073d3c2bed93c52272fa1cd.htm

Why this !@#$%%^^ Session ID is showing in my URLs ??
I'm waiting for answeres.


http://jp.php.net/manual/en/ref.session.php
php.ini
; Whether to use cookies.
session.use_cookies = 1
; use transient sid support if enabled by compiling with --enable-trans-sid.
session.use_trans_sid = 0

Excluding this
To the core source of Xoops
it's ,Please look at /incule/functions.php
about from line 390
if (defined('SID') && (! isset($_COOKIE[session_name()]) || ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '' && !isset($_COOKIE[$xoopsConfig['session_name']])))) {
        if (!
strstr($url'?')) {
            
$url .= '?' SID;
        } else {
            
$url .= '&'.SID;
        }
    }

when this is.
sometimes in my modules URL's is session ID.
It is time when it has jumped to my site specifying id etc. of the thread that
doesn't exist.
The access of ..sequential.. consecutive id etc. have gone out of the search
engine etc. , too.


This specification is unnecessary on my site.
delelte lines or souce comments

-----------------------------
Quote:
przemeks wrote:
I use "simplified urls".
In admin panel i disable a additional sessions options.
Users can't log in to my XOOPS (i disable this option).


the following be related?

Isn't the following mistakes?being said(xoops forum from GIJOE)
inculde/common.php
from about? line 175
if (function_exists('session_cache_expire')) {
            
session_cache_expire($xoopsConfig['session_expire']);
        }


http://jp.php.net/manual/en/function.session-cache-expire.php
http://jp.php.net/manual/ja/ref.session.php
to
//HACK for FIX (from XOOPS japan forum by GIJOE)        
        
ini_set'session.gc_maxlifetime' $xoopsConfig['session_expire'] * 60 ) ;

4
przemeks
Re: Sessions in URL
  • 2005/5/7 11:47

  • przemeks

  • Just popping in

  • Posts: 57

  • Since: 2005/1/29


I reomve this code forum functions.php

if (defined('SID') && (! isset($_COOKIE[session_name()]) || ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '' && !isset($_COOKIE[$xoopsConfig['session_name']])))) {
        if (!
strstr($url'?')) {
            
$url .= '?' SID;
        } else {
            
$url .= '&'.SID;
        }
    }


And SID still is showing in my URL's. Any othetr suggestions ?

5
m0nty
Re: Sessions in URL
  • 2005/5/7 12:01

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


usually that happens when cookies are blocked or restricted..

it's a server config and not anything to do with xoops..

for info on how to disable it see HERE

you can also use php_flag session.use_only_cookies on in .htaccess for more security..

you haven't said if u see the sid whilst logged in or logged out..

if logged in then it's a problem if you copy/paste urls to people..

if u only see it when logged out then there's not much of a problem..

6
przemeks
Re: Sessions in URL
  • 2005/5/7 13:06

  • przemeks

  • Just popping in

  • Posts: 57

  • Since: 2005/1/29


I don't have acces to php.ini but i add a this line:

php_flag session.use_trans_sid off


to my .httacess file in root directory.

I use simplefield_urls and this hack also require a code in .httacess.

In my .httacess i have:

#

RewriteEngine on

RewriteCond 
%{REQUEST_FILENAME}   !-s
RewriteRule 
^.*.(htm|htmlloadpage.php [L]
RewriteRule ^$ loadpage.php [L]

#

php_flag session.use_trans_sid off


I don't know much about .httacess but i hope that it shoud work correctly.

Can you check it ?

And thanks for all.

Login

Who's Online

162 user(s) are online (72 user(s) are browsing Support Forums)


Members: 0


Guests: 162


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits