Avoid recreating new PHPSESSID

Arantor · June 24, 2018, 06:21:01 AM

Yup, it's long been a matter of contention within the team and the industry about the value of nice looking URLs, something that the paid platforms have long since figured out and that the free ones keep trying to argue isn't relevant (mostly because it's effort to fix properly)

vbgamer45 · June 24, 2018, 08:35:16 AM

Arantor do you suggest ripping out $PHPSESSID?

I see SMF uses the php constant SID

SirLouen · June 24, 2018, 08:35:39 AM

Quotemostly because it's effort to fix properly

I assumed that and makes sense.

All current forum CMS found this important and stepped forward in this sense, nodeBB, Vanilla, even bbPress... I think the only two stuck in this position are phpBB and SMF.

Since this forum is maintained by the community, I can't argue much about this because I recognize this is eventually a lot of programming time. If one day I have some time to start helping out I think I will start definitely in this point

Meanwhile, I will be dealing with the current mods available

Arantor · June 24, 2018, 08:44:19 AM

Quote from: vbgamer45 on June 24, 2018, 08:35:16 AM
Arantor do you suggest ripping out $PHPSESSID?

I see SMF uses the php constant SID

I think SID is only set when cookies don't cover it - while $PHPSESSID is set in all cases, which is why SMF doesn't set PHPSESSID all the time. I'd check on the differences between those two and go from there.

GigaWatt · June 24, 2018, 09:22:33 AM

@Arantor: How would I do this on a forum that doesn't have Pretty URLs? Remove PHPSESSID for guests I mean

.

Arantor · June 24, 2018, 09:33:24 AM

@GigaWatt: same caveat I mentioned still applies: it screws up your ability to track how many guests are online. But you'd do a mild change inside QueryString.php, in ob_sessrewrite(). The exact change depends on whether you use index.php/topic,1.0.html URLs or not.

GigaWatt · June 24, 2018, 09:37:57 AM

No, I don't use queriless URLs, I use the regular ones, with queries

.

I'll give it shot and holler if I need any help

.

Daretary · January 13, 2024, 10:53:47 AM

I just commented this out to stop this horror:

Code Select

if (empty($_COOKIE) && SID != '' && !isBrowser('possibly_robot'))
//		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&amp;', $buffer);

Kindred · January 13, 2024, 12:25:33 PM

That is really the wrong thing to do

Arantor · January 13, 2024, 12:43:30 PM

The only circumstance it actually matters is if you expect to have users who don't have cookies enabled, because that's what it was originally implemented for, for being able to track guests/search engines that couldn't handle cookies.

Since cookies are now effectively mandatory anyway you might as well do away with it. You'll note that my comments about it above were 5 years ago - the user end stopped being a problem a while ago (subject to acknowledging the necessity of cookies for guests and search engines) and every crawler handles cookies these days because it's almost more work not to.

Irisado · January 13, 2024, 01:49:38 PM

Quote from: Daretary on January 13, 2024, 10:53:47 AMI just commented this out to stop this horror

Please do not revive support topics that are five and a half years old. Topic locked.

News:

Avoid recreating new PHPSESSID