Hi all,
Here is a website using SMF V1.1.5 : http://www.1001modes.com/forum/index.php
Is there any way to forbid totally the use of session ids in urls ?
With the same browser, sometimes theses sessions ids appear on urls, sometimes they don't.
I don't understand why... I even changed PHP configuration to use only cookies to save session ids (session.use_only_cookies is on) ... but it doesn't work...
Any idea ?
Thank your for your help.
PHPSESSID should only be included in the url on the first or second page views (providing cookies are enabled in the users browser). (NOte; these are disabled from being shown to spiders/robots like Google)
If you are referring to the variable 'sesc' as used in some smf urls are required for security reasons. This cannot be disabled. (and you wouldn't want it disable)