Quick question about the bridge and sessions

Started by Omega X, July 13, 2007, 12:55:50 AM


Omega X

I noticed that on the first visit to a site with the bridge, a PHPSESSID number is shown on the links in the Recent Topics mod. If you refresh the page, the number goes away.

Now I cannot remember if this was done by default. But I am concerned about a session hash being visible like that. It came to my attention after I upgraded SMF to 1.1.3.

SlammedDime

IIRC, that's a server configuration issue.  PHP is inserting the session IDs in the URL.  Why are you concerned about it?
SlammedDime
Former Lead Customizer
BitBucket Projects
GeekStorage.com Hosting

Omega X

Well, I didn't remember it doing that before. Which is why I asked about it.

Not to mention that I read this security article about how hackers can hack a site using the PHPSESSID.

SlammedDime

Perhaps, but what you see for the session ID in your browser is far different from what someone else sees in their browser.  Session hacking is normally caused by you clicking a link that a 'hacker' has provided you that already has a session ID in it, and if PHP isn't properly configured, it will accept that session ID, and thus someone can hijack your session through your own fault.  Of course this would need to happen within the lifetime of the session, so the 'hacker' would have to know when you clicked the link.

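The PHP settings behind the behaviour discussed in this thread, as an added example (not code from SMF, the bridge or any poster): it reports whether the running configuration lets session IDs travel in URLs or accepts IDs the server never issued, then starts a cookie-only session and regenerates the ID at login. The function names and the `user_id` session key are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; function names and the 'user_id' key are hypothetical.

// Report session settings that let an ID appear in, or be taken from, a URL.
function audit_session_config(): array
{
    $findings = [];
    // use_trans_sid=1 makes PHP rewrite links to carry PHPSESSID when the
    // request did not include a session cookie.
    if (ini_get('session.use_trans_sid')) {
        $findings[] = 'session.use_trans_sid is on: IDs are appended to URLs';
    }
    // use_only_cookies=0 lets PHP accept an ID supplied in the query string.
    if (!ini_get('session.use_only_cookies')) {
        $findings[] = 'session.use_only_cookies is off: IDs accepted from URLs';
    }
    // use_strict_mode=0 (PHP 5.5.2+) lets PHP adopt an ID it never issued.
    if (!ini_get('session.use_strict_mode')) {
        $findings[] = 'session.use_strict_mode is off: uninitialised IDs accepted';
    }
    return $findings;
}

// Start a session whose ID only travels in a cookie.
// Must run before any output is sent and before session_start().
function start_hardened_session(): void
{
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_start();
}

// Call once the user's credentials have been verified.
function on_login(int $userId): void
{
    // Issue a fresh ID and delete the old session data, so an ID that was
    // known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// Log what the server's current configuration allows, then start safely.
foreach (audit_session_config() as $finding) {
    error_log($finding);
}
start_hardened_session();
```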