PHP Session ID's

[Nic]

Apologies if this has been asked before, but I did a quick search and couldn't find an answer to my problwm.

I have two boards on one site (under different sub-domains) that use the same user database.  I haven't touched either of them, scripts or datatabase, in months now.  This morning, though, I realised why noone has been posting!  I'm not logged in any more and went to log in, but when I hit ANY link I end up with "?PHPSESSID=d1c9cb90bfac8e8a17156a8bb690e478&action=" in the URL.  I tried both boards, and they are both doing the same.

The only thing I could find on here was about settings.php having an extra line on the end.  Since I hadn't modified them in either board I didn't think it was that but checked anyway - no spare line.  Could there be another reason for this?  It just seems strange to me that both are doing this, yet another board of mine on another site (but hosted by the same company) is working fine.

[[Unknown]]

I have two boards on one site (under different sub-domains) that use the same user database.  I haven't touched either of them, scripts or datatabase, in months now.  This morning, though, I realised why noone has been posting!  I'm not logged in any more and went to log in, but when I hit ANY link I end up with "?PHPSESSID=d1c9cb90bfac8e8a17156a8bb690e478&action=" in the URL.  I tried both boards, and they are both doing the same.

This means cookie problems, likely, but it doesn't point to why no one would be posting.  This is just done when the session cookie isn't set.

Can you post a link?

-[Unknown]

[Nic]

It *could* just have been me  .  The two forums are relatively new anyway, so not many people are posting, but I cleared up my pc and deleted the cookies, restarted and now I am able to get in!  I am reckoning it to just have been my pc, then, since I was also having trouble getting pages to display on another part of the site that uses cookies, too.  But, just in case I *have* managed to mess it up somewhere, one URL is http://stephenking.kraftysworld.co.uk/forum/index.php....

[Han]

I have the same problem since I updated my testforum and normal forum to  SMF 1.1 Beta 3.

url of my forum = http://www.pcnavigator.nl/forum

When I open the forum in a new browser-session as a guest the links on the boardindex contain a PHPSESSID number in the url. When I click this url I get "HTTP-fout 406 - not accepted" error page so guests can never read anything that is on the forums. No guest can enter/read my forum and most members cant logon until they hit the refresh button of the browser.  After that the normal url appears of the boardindex and the forum works properly.

Normal URL = http://www.pcnavigator.nl/forum/index.php?board=5.0

PHPSESSIE URL =
http://www.pcnavigator.nl/forum/index.php?PHPSESSID=fadadb66dc22ef5d273fa9ffe9ffb272;board=13.0

How do I get rit of the "PHPSESSID=fadadb66dc22ef5d273fa9ffe9ffb272;" part in the URL ??
Something is going wrong with this phpsession-thing



Clearing cache, cookies and Temp did not solve the problem.

[[Unknown]]

Having problems with mod_security?

-[Unknown]

[Han]

Tnx for your quick reply 

I've put the .htaccess file in place and nothing changed. The problem still exists.
To be really sure, I will ask my hosting provider if he has made any changes to my account.

[Han]

I looked around on the internet and I see it on every SMF 1.1 beta 3 forum
Even here on Simplemachines.

How to reproduce  :
- Log out
- Close your browsersession
- Start a new browsersession and surf to http://www.simplemachines.org/community/index.php
- See the syntax of the url's. (with PHPSESSIE part in it)

The main diffrence here is that you don't get an 406-error when you click this link here on simplemachines. The link works normally. What setting do I have to make in the adminpanel to get the same result on my forums??

[[Unknown]]

How to reproduce  :
- Log out
- Close your browsersession
- Start a new browsersession and surf to http://www.simplemachines.org/community/index.php
- See the syntax of the url's. (with PHPSESSIE part in it)

That's both normal and temporary.  It does that because, at that time, it can't tell if you're a client that has cookies enabled or not.  They go away the next page view, or should.

Bots never should see the session ids - only people using standard browsers.

The main diffrence here is that you don't get an 406-error when you click this link here on simplemachines. The link works normally. What setting do I have to make in the adminpanel to get the same result on my forums??

Right.  The 406 error is caused by mod_security, and is what I suggested fixing.

-[Unknown]

[Han]

I made a service ticket to my hosting provider. They are in buisiness 24/7.
It's very early in the morning where I come from (The Netherlands) and I have send the
ticket in the middle of the night.
They must have read this and solved it, because the problem seems to have been solved.
I did not receive an email from my host to confirm but I already start to cheer carefully.

Thx man!!

[Han]

My host replied that mod-security was installed on our server but they changed it somehow so that it does not bother us anymore and still does what it has to do.