We can remove the PHPSESSIONID - Here is a trick

[technica]

Hi guys,

I found an article on the net which tell about how to remove the phpsessionid from the URL when using the smf forum.


The article stats two steps:

1) use .htaccess file

Put below two lines in your .htaccess file

Code Select Expand



php_value session.use_only_cookies 1
php_value session.use_trans_sid




After that...

2) Create a new file in your /Sources/ folder (let it name as removesessionids.php)

in this file add below PHP code

Code Select Expand



if (function_exists ('ini_set'))
{
   //Use cookies to store the session ID on the client side
   @ ini_set ('session.use_only_cookies', 1);
   //Disable transparent Session ID support
   @ ini_set ('session.use_trans_sid',    0);
}

//Determine current URL
$URL = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

//Decode and clean URL
$URL = urldecode ($URL);
$URL = str_replace ('&', '&', $URL);

//Check if PHP is not in safe mode,
//and PHPSESSID is passed via URL
if (!ini_get ('safe_mode') && preg_match ('#'.session_name().'=([^=&\s]*)#i', $URL))
{
   //Remove PHPSESSID junk and unneeded characters ("&" or "?") at end of URL
   $URL = preg_replace ( array ('#(\?|&)'.session_name().'=([^=&\s]*)#', '#(&|\?)+$#'), '', $URL);
   //Send Moved Permanently header
   @ header ("HTTP/1.1 301 Moved Permanently");
   //Redirect to clean URL
   @ header ("Location: " . trim ($URL));
   //End current script
   exit();
}




This trick works fine, and removes the PHPSESSIONIDs from the URLs.

But the problem that I faced with this is, once you load the forum (with a new session) the board URLs on the home page still take PHPSESSIONIDs.
Which leads to a 404 error (page not found) if you click on any board name.

This happens only at the first time, meaning for a new session. If it is not a new session then the board URLs are generated properly without any error.

Anybody here can try this code and work out on how we can remove the SESSIONIDs from the board URLS on the Home Page of the forum?

[Angelina Belle]

This is definitely a custom coding issue.
Would you like me to move it to a custom coding board, where you might attract more attention from people experienced working with SMF code?

Why do you wish to remove the SESSIONIDS from the board URLs?

[Joker™]

Before going ahead with this thread I'd like to pour out my little knowledge on the subject.


- What is PHPSESSID?
When someone visits your site with cookies off, PHP will automatically add PHPSESSID into the URL of every page. This is the way of maintaining state between pages.


- Effects of disabling PHPSESSID?
With PHPSESSID disabled you must make sure that all of your visitors/member must have cookie enabled in there browsers so as to make usage of codes using sessions like login etc.


- Disabling PHPSESSID enough?
No. Search engines like google crawls your site and take the links, now if you have removed PHPSESSID links, a lot of your links from google are going to be removed and nobody likes to do so much of work, not even google .

Now thinking of how to overcome this?
Go to google,

- collect all your links having PHPSESSID in them
- Make a list of all pages containing a PHPSESSID.
- Create a new page on your website, and link to it from somewhere obscure.
- Add links to all these PHPSESSID pages on this new page

Note - There may be more more methods to do it, you can google it.


So, is so much of hassel worth it keeping my first point in mind about visitors cookies? Choice is your's (Saw movie style ).