Passing PHPSESSID in url

software development


I’ve built my site in PHP and I’m using sessions on my site (without cookies at the moment). When my pages are rendered, it sticks the PHPSESSID at the end of the url. Besides being annoying and from what I read, a potential security risk, it’s keeping it from being rendered as valid xhtml1.0 strict. Now I’ve read about how you would normally turn off session.use_trans_sid in the php.ini file, but I can’t do that and really don’t feel like installing my own version of PHP to get it to go away. Is there something that I can stick in the page header that will keep this from showing up?

Or any other ideas?