session_start() help

[jakebur01]

I am trying to display different content for the user on the homepage if they are logged in. After they logged in I set $_SESSION['valid_user'] , $_SESSION['zip'], etc.

 

On the homepage I have session_start(); at the top and I have sections on the page that checked to see if you are logged in.... if you are, then it displays info based on you account.

 

My problem is that I do not want session_id's appended onto all of my links.

 

How can I do what I need to do on the homepage and not have session id's in my links?

 

Thanks,

 

Jake

[Yesideez]

I've had this problem before and every time I fixed it I always forget what caused the problem :/

[jakebur01]

It has to be common for people who have worked with e commerce sites.

 

How do they display the cart quantities and cart items without having session id's in their links?

[Yesideez]

Try placing this BEFORE session_start():

ini_set('session.use_only_cookies', 1);

[Yesideez]

btw, might also be worth reading the chatter here...

http://forums.oscommerce.com/lofiversion/index.php?t151699.html

[xtopolis]

Set it in your php.ini file

http://us.php.net/manual/en/session.configuration.php

[jakebur01]

I did some research. Someone suggested this:

 

ini_set('session.use_trans_sid', false); won't help,

but

ini_set("url_rewriter.tags","");

does

 

 

Would ini_set("url_rewriter.tags",""); be a good thing for me to use? And will it hurt me or my customers in any way?

[xtopolis]

What version of PHP are you using?

 

AFAIK, it should be disabled by default...(session.use_trans_sid), which would mean no session id appended to the url.

 

Check your servers php_info() vs this one: http://links.1and1faqs.com/check_info.php5

That by default uses cookies only to pass the session id.

[jakebur01]

PHP Version 5.2.2

 

Directive Local Value Master Value

session.auto_start Off Off

session.bug_compat_42 Off Off

session.bug_compat_warn On On

session.cache_expire 180 180

session.cache_limiter nocache nocache

session.cookie_domain no value no value

session.cookie_httponly Off Off

session.cookie_lifetime 0 0

session.cookie_path / /

session.cookie_secure Off Off

session.entropy_file no value no value

session.entropy_length 0 0

session.gc_divisor 1000 1000

session.gc_maxlifetime 1440 1440

session.gc_probability 1 1

session.hash_bits_per_character 5 5

session.hash_function 0 0

session.name PHPSESSID PHPSESSID

session.referer_check no value no value

session.save_handler files files

session.save_path no value no value

session.serialize_handler php php

session.use_cookies On On

session.use_only_cookies Off Off

session.use_trans_sid 1 1

 

Would it be ok if I use the following below before SESSION_START(); ?

ini_set('session.use_trans_sid', false);
ini_set("url_rewriter.tags","");

 

Is this going to hurt me in any way?

[xtopolis]

It would have to be placed on every script.  Do what I said and put the config into a php.ini file which would apply to the whole folder.

 

session.use_trans_sid 0  , I'm pretty sure will help

url_rewriter.tags  , I have no clue

[jakebur01]

I only need the session on the homepage. Which is the only page accessible by google.

[premiso]

It would have to be placed on every script.  Do what I said and put the config into a php.ini file which would apply to the whole folder.

 

session.use_trans_sid 0  , I'm pretty sure will help

url_rewriter.tags  , I have no clue

 

Or if your host allows .htaccess put it in that instead.