removing session IDs from URLs

[Maljonic]

I noticed on the dating site in my sig that session IDs are sometimes displayed in the URLs of some pages and sometimes they're not. Google is chaching both versions which is a bit of a pain. Is there a way to make sure they aren't displayed with cunning jiggery pokery, like htaccess or something, or is it part of the script that runs the site that needs fixing?

 

[wyrd_fish]

i belive that session vars only appear when cookies are disabled

hummm, i'm not 100% though, where's jonty when we need him

 

[Maljonic]

I thought there might be a way to ask search engines to ignore session IDs, can't think how though but it seems like a good idea.

 

[phlash]

AFAIK (ie: I'm not Jonty but I've done this kind of thing before ), wyrd_fish is right - sessions are maintained by an application environment by sending back a cookie, and adding a session ID into the URLs on the first page - if the cookie comes back then URL modification is no longer used, if the cookie doesn't come back then URL modification continues to be used.

Which means - if you turn off the session IDs in the first page of your site that is visited, you cannot support browsers with cookies disabled. You probably can turn off the URL modification in PHP config (or whatever application environment you are using) however.

HTH,
Phil

 

[Maljonic]

You mean the php config of the script? I had a look at it but I can't see anything, or do you mean I need to add something to it?

 

[phlash]

Sorry - not a PHP guy myself but I vaguely remember their being a PHP.ini or similar that configured the environment, including how sessions are maintained with browsers. Perhaps this would help: http://uk.php.net/manual/en/configuration.changes.php

P

 

[Shovel]

Sorry - not a PHP guy myself but I vaguely remember their being a PHP.ini or similar that configured the environment, including how sessions are maintained with browsers. Perhaps this would help: http://uk.php.net/manual/en/configuration.changes.php

P

Bear in mind that if it's not using PHP's native session handling (and is instead rolling something of its own design) you may not be able to change it at all without rewriting a large chunk of the script.

 

[Maljonic]

Where would I look if it was doing something of its own? You can download the script for free by the way of you're interested in looking at it? There's a newer version coming out soon, which is also free. It's very good to mess around with, either to use as it is and modify slightly or use it as a base to make something a lot different.

http://www.tufat.com/s_free_dating_system.htm

 

[Shovel]

Where would I look if it was doing something of its own? You can download the script for free by the way of you're interested in looking at it? There's a newer version coming out soon, which is also free. It's very good to mess around with, either to use as it is and modify slightly or use it as a base to make something a lot different.

If it does its own session handling then it could be anywhere really. I don't have time to look through it myself, but I suspect that a call to restore a session would probably come early on in the code, so start at index.php and follow it through. If you're lucky it'll be nicely modular and it won't be too hard to find, but since it's PHP so it could just as easily be a monstrosity.

Also, even if you can change the way it writes the session ID from the URL to a cookie and change the function that reads/writes that, you're still left having to change the way it generates URIs.

Could be a big job and it might be worth emailing the script maker to ask if they've got any plans to produce better URIs in a future release.