My web host is adding ?PHPSESSID=fgh2h45… to the end of the URL

Question

I\'m using iPage.com host. In order to use PHP sessions in their host I need to add session_save_path(\'/home/users/web/.../cgi-bin/tmp\'); at the start of each

Answer 1

Your "host" isn't causing the issue, PHP is appending this data. Specifically, PHP is configured to append the PHPSESSID variable to the URL to allow PHP to track the session. It's possible to change the relevant setting using ini_set prior to calling session_start, or more permanently by updating the php.ini file (though since you're hosted this last option is probably out). This is a list of the available runtime settings for sessions in PHP.

While you can control whether or not the value is appended to the end of your URLs, it's required to track the sessions. Alternatively you can configure PHP to use cookies to track sessions, but requiring cookies to track sessions may break your application for users who reject cookies.

In short, you can control the session ID to make it a little prettier (by renaming PHPSESSID to something more amenable or making the value less cryptic) but unless you want to use cookies to maintain the session, you're stuck with this "garbage" on your URL. If you only use cookies some users may not be able to maintain the session.

To enable cookie based session handling you can execute either:

// stop PHP from automatically embedding PHPSESSID on local URLs
ini_set('session.use_trans_sid', false);

or

// only use cookies (no url based sessions)
ini_set('session.use_only_cookies', true);

Answer 2

If you can't modify php.ini yourself, you can do the following:

ini_set('session.use_trans_sid',false);

This will cause PHP to use cookie based session handling, and not append the session id to the URL (which could be a security risk anyway).

Answer 3

Either configure it to use cookie-based sessions or turn of sessions entirely.