Stopping the session ID from being appended in PHP

Skybly · August 16, 2017, 9:49pm

Hello,

I have installed a simple guestbook script (Xeobook) on my website. It uses sessions to keep track of whether the admin is logged in or not. Now, the guestbook page won’t validate since PHP adds a session id to every link on the page, sometimes inserting an unencoded ampersand, and it also puts a hidden field into the form.

I tried turning this off by inserting these lines at the top of the script:

ini_set (‘session.use_only_cookies’, true);
ini_set (‘session.use_trans_sid’, false);

It still inserts the ID and field, though Any ideas what I might be doing wrong? Thanks!

PS: Same thing happens with another script that uses sessions, so I don’t think it’s an issue specific to the guestbook.

–
Pointy-Ears.net

manchineel · August 16, 2017, 9:49pm

ini_set(‘arg_separator.output’,’&’) ;

If you set this, then your page will validate. It changes the ? in the URL to &, which is valid.

Skybly · August 16, 2017, 9:49pm

Thank you! Unfortunately, it still doesn’t validate completely since the hidden field is still being inserted into the form. Is there any reason why “session.use_only_cookies’” won’t work?

–
Pointy-Ears.net

system · August 12, 2020, 6:51am