how to hide PHPSESSID?

[Spaceman-Spiff]

i'm coding something for my blog mod for YSE 1.5.4

the blog location is here: http://www.monkey-pirate.com/blogs/spiff/
if you check under Archives on the right bar, all the links contain PHPSESSID
if you're logged in inside the forum, or has the cookies info, PHPSESSID doesn't show in the links, but guests will still have PHPSESSID in the url
my question is: how do i disable/hide PHPSESSID for my mod, not the entire forum

i tried using session_destroy somewhere in the code, but its still showing

[[Unknown]]

Turn off session.use_trans_sid in php.ini.

-[Unknown]

[mephisto_kur]

Okay, how about for people without that kind of access to the host, any way to do it?

[[Unknown]]

Umm... ini_set might work... and possibly ob_start('ob_gzhandler') - I think that stops it.

-[Unknown]

[Spaceman-Spiff]

but the forum is already using ob_gzhandler when output compression is enabled...
do i need to redeclare it somewhere else?

i wonder why the forum doesnt show phpsessid to guests, but my function does:
http://omanga.monkey-pirate.com/index.php?action=blog_ssi_archive;threadid=1343
is it because i'm not using the template_header?

[[Unknown]]

Might be......... headers?

-[Unknown]

[Spaceman-Spiff]

I added ob_end_clean(), and it seems to solve it

[dschwab9]

Okay, how about for people without that kind of access to the host, any way to do it?

You should be able to do that in a .htaccess file as long as "allowOverride" is enabled in httpd.conf (it normally is) and php isn't in safe mode.  Actually, nearly all of the values in php.ini can be over-ridden via .htaccess on a per-directory basis.

[pulpitfire]

I added ob_end_clean(), and it seems to solve it

where did you add this?  we're trying to debug a url mod for YaBB SE that keeps showing PHPSESSID.

[[Unknown]]

PHPSESSID is your friend .

-[Unknown]

[pulpitfire]

or let me ask another way...what keeps php from adding the session id to the url when guests first view the forum?

[Anguz]

is a session really needed for a guest? I can understand how it is for a member, but I don't know much about this, if any, that's why I'm asking 

[pulpitfire]

PHPSESSID is your friend .

-[Unknown]

why don't session id's show in the url for YaBB SE, except for like logout and that?  what keeps them from showing?

[Chris Cromer]

is a session really needed for a guest? I can understand how it is for a member, but I don't know much about this, if any, that's why I'm asking 

It is used to find out if the "Guest" is supposed to be member or not. For instance if a user has cookies off it would normally assume he is a guest, but if the session id is in the url you can determine if he is a member or not even without cookies.

[[Unknown]]

So, this doesn't fix it?

@ini_set('session.use_trans_sid', 0);

-[Unknown]

[Anguz]

So, this doesn't fix it?

@ini_set('session.use_trans_sid', 0);

-[Unknown]

haven't tried it yet... where should I put it? 

I did think of doing this but your code is most probably much better

[[Unknown]]

No, that way isn't as good .

-[Unknown]

[pulpitfire]

So, this doesn't fix it?

@ini_set('session.use_trans_sid', 0);

-[Unknown]

Thanks...ok, where would I put that?  Is that something that would have to be changed in the php settings?  i'm not sure if I have access to change that.  what I was wondering, is, how does the regular forum softward avoid having the session id in it, and why can't there just be a simple code fix for it within the YabbSE code (unless of course that fix is part of the YaBB code, in which case I need to know where it goes).

[[Unknown]]

Put it at the top of the php script... before any output is made.

-[Unknown]

[Anguz]

Put it at the top of the php script... before any output is made.

-[Unknown]

like this in index.php?

Code Select Expand

$time_start = getmicrotime();
@ini_set('session.use_trans_sid', 0);