&PHPSESSID Added to Hyperlinks!

Whenever I add session_start(); to the top of my webpage in order for some code that uses Sessional Data to work the following is appended to all my hyperlinks in the GET area:

&PHPSESSID=4c56db88889c27838f4b54f7408d63

So for example a link to 'page.php' would now look like this:

<a href="page.php?my_var=something&PHPSESSID=4c56db88889c27838f4b54f7408d63">Click Here</a>

Why is PHP adding this 'PHPSESSID' variable to my links when I use session_start(); ?

I don't want this behaviour because it is failing my W3C HTML Validation.

Here's what my PHP looks like:

<?php
# Page Information Comments

session_start();

# Rest of Code here
?>

The session_start function call is the first line (after some comments).

I notice if I remove the line session_start(); the PHPSESSID variable disappears, but at the same time my Sessional Code stops working.

How can I use sessions but stop the PHPSESSID rubbish?
russelldav Asked:

virmaior Commented:
These three lines determine the session behavior:

session.use_cookies
session.use_only_cookies
session.use_trans_sid

What you are seeing are trans_sids.

If you have use_cookies set to 0 and use_trans_sid set to 1, then you would see them.

Normally use_cookies is set to 1 and trans_sid only happens when a cookie cannot be placed.

(Using sessions places a cookie with the session ID on the end user's computer.)

see:
http://us2.php.net/manual/en/ref.session.php
0
russelldav Author Commented:
What do I need to do to replace session_start(); then?
0
hernst42 Commented:
No, you don't need to modify start_session. Just do a
session_start();
ini_set('session.use_trans_sid', '0');

on the pages you don't want the PHPSESSID to be added.
0


russelldav Author Commented:
My PHP now says:

<?php
# Setup Session
session_start();
ini_set('session.use_trans_sid', '0');

# ....
?>

Yet I still see the &PHPSESSID appended to hyperlinks ?
0
jkna_gunn Commented:
One way to stop it is by having absolute links, so if you have a link to index:

<a href="index.php">Index</a>

it becomes

<a href="http://www.yoursite.com/index.php">Index</a>

0
russelldav Author Commented:
I'll experiment with absolute links. In the meantime if anyone else has a way of stopping it I'd appreciate it!
0
StormyWaters Commented:
PHPSESSID will be added to the URL if the user has cookies disabled or you set it to never attempt to use cookies.

See here: http://us2.php.net/session for more information.

You can use ini_set("session.use_only_cookies", "1"); but that might prevent users without cookies from using your site.

Check your configuration settings in PHP.INI. Maybe you have disabled session.use_cookies, in which case it would only attempt to append it to the URL.
0
russelldav Author Commented:
I checked the configuration and session.use_cookies is ON.

I don't want to change links so that they are absolute, I prefer to use Relative links.

Here's a snippet from the Configuration (Values are the same for Local and Master):

+ + Session

session.auto_start Off
session.name PHPSESSID
session.referer_check no value
session.save_handler files
session.save_path /tmp
session.serialize_handler php
session.use_cookies On
session.use_only_cookies Off
session.use_trans_sid On

+ + PHP Variables

_REQUEST["PHPSESSID"] 97abc84309d2b3d7c93b89dd4af724d5
_COOKIE["PHPSESSID"] 97abc84309d2b3d7c93b89dd4af724d5
_SERVER["HTTP_COOKIE"] PHPSESSID=97abc84309d2b3d7c93b89dd4af724d5

I don't know if this helps you at all?

0
virmaior Commented:
if it can't set the cookie then it will automatically use the trans sid (put the id in the url)
see if you still get sessions when you set
session.use_trans_sid Off

I don't think using ini_set works on this one, because you'll be sending the trans id before you initiate the page parsing.
0
eeBlueShadow Commented:
To get the behaviour W3C compliant, simply open php.ini and change

arg_separator.output = "&"
to
arg_separator.output = "&amp;"

PHP will still add the session ID, which is useful for functionality, but your pages will now validate.

_Blue
0
hallvors Commented:
This didn't work:

# Setup Session
session_start();
ini_set('session.use_trans_sid', '0');


What about reversing the order? Perhaps the ini-value must be set before the session is initiated.

ini_set('session.use_trans_sid', '0');
session_start();


Anyway, I agree that changing the separator to &amp; is a better solution because it allows sessions to work even if the visitors turn off cookies.
0
russelldav Author Commented:
I tried moving the ini_set() so it was BEFORE the session_start() but the problem is still there. I'm still not keen on changing the configuration file - Non-standard configurations usually mean someone is doing something in a way that could be done a lot better.  

Is there another work around for this?

If only I didn't have W3C Validation as a requirement :P
0
russelldav Author Commented:
Work around by adding the following line to the server's .htaccess file:

php_value session.use_trans_sid Off
0
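
The cookie-only configuration this thread arrives at, as an added example that is not part of any post: it sets the three directives listed earlier before session_start() and reads the effective values back with ini_get(), because ini_set() can be refused (the posts above ran into exactly that). Keeping the ID out of links also keeps it out of Referer headers, server logs and bookmarks. The function names are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** Read a boolean php.ini directive; accepts "1", "On", "0", "Off", "". */
function ini_flag(string $name): bool
{
    return filter_var(ini_get($name), FILTER_VALIDATE_BOOLEAN);
}

/**
 * Try to force cookie-only sessions. Returns the directives that still hold
 * the wrong value afterwards (empty array = configuration is as required).
 */
function enforce_cookie_only_sessions(): array
{
    $required = [
        'session.use_cookies'      => true,   // carry the ID in a cookie
        'session.use_only_cookies' => true,   // ignore IDs passed in the URL
        'session.use_trans_sid'    => false,  // never append the ID to links
    ];

    $unmet = [];
    foreach ($required as $name => $want) {
        if (ini_flag($name) !== $want) {
            // ini_set() returns false when the change is refused, e.g. the
            // directive is not changeable from a script on this PHP build.
            @ini_set($name, $want ? '1' : '0');
        }
        if (ini_flag($name) !== $want) {   // trust the effective value only
            $unmet[] = $name;
        }
    }
    return $unmet;
}

// Must run before session_start(); session directives are read at that point.
$unmet = enforce_cookie_only_sessions();
if ($unmet !== []) {
    // Fail closed and tell the operator what to fix in php.ini or .htaccess.
    error_log('Session directives not enforced: ' . implode(', ', $unmet));
    http_response_code(500);
    exit('Session configuration error.');
}

session_start();
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;
echo '<a href="page.php?my_var=something">Click Here</a>';
```

If the error is logged, the directive has to be set where the script cannot override it, for example with the `php_value session.use_trans_sid Off` line from the post above or in php.ini.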
StormyWaters Commented:
>> Non-standard configurations usually mean someone is doing something in a way that could be done a lot better.  

Or it means that you're just doing something that their default config file doesn't do...
0
eeBlueShadow Commented:
> If only I didn't have W3C Validation as a requirement :P

Like I said, you *can* have working sessions and W3C validation, all you have to do is change the arg_separator.output value in php.ini.

At the moment, people who don't accept cookies can't use your website.
0

Question has a verified solution.
