What is PHPSESSID Why does it is there for login ? can we get rid of it?

[gigashiga]

I see PHPSESSID in URL address bar Why is it used? is there a way we can get rid of it?

[IchBin™]

It usually is only their for a couple of clicks. Long enough for SMF to obtain it, and use it as needed. After a couple of page loads the session ID should disappear from the URL.

[MrPhil]

The reason it's there is that HTTP (Web protocol) is a "stateless protocol". Each page is completely independent of all others. In other words, when you go from one page to another, the server has no way of knowing it's the same you that was just on the other page. So, it doesn't know you've already signed in to the forum (or put something in your shopping cart) without a little help. This can be done by one of (at least) two ways. One is to generate a random "session ID" (PHPSESSID) and carry it from page to page as an ID that it's you moving around the site. That's annoying to see in the URL. The other (which SMF uses) is to drop a "cookie" on your PC, containing a randomly generated ID. Each time you load a page, the server is told if a cookie exists and what the ID is inside it. That way it can keep track of your movement through a site (that you've signed on, selected merchandise, etc.) without cluttering up the URL for each page. If a site does not use cookies, or a user has their PC configured to reject cookies, a site will have to carry around the PHPSESSID. An ethically-run site will destroy the cookie (expire it) when it's done with a given session, rather than tracking you over time. Cookies can also be used to store other information (your preferences, etc.) on your PC, but whether that's a good thing is debatable. Cookies can be used to "track" you and learn your buying and viewing habits, in order to tailor advertising to you, and many consider that a bad thing.