Unfortunately I do can not oblige users which will use those pages to accept cookies . The pages are for an e-commerce web site. If I use the directive session.use_trans_sid = 0 is not possible to MANTAIN THE SAME phpsessid value among differents pages, isn t it?
Cheers, Seba ----- Original Message ----- From: <[EMAIL PROTECTED]> To: "PHP General list" <[EMAIL PROTECTED]> Sent: Thursday, February 19, 2004 2:45 PM Subject: [PHP] Re: PHPSESSID and URL rewriting > Hello Seba, > > Check your php.ini file: you'll probably find that "session.use_trans_sid" is set to 1, > which is actually a security hazard. If you set "session.use_trans_sid" to 0, session IDs > will no longer be automatically sent as GET variables. > > Cheers, > > Erik > > > On 19 Feb 2004 at 13:15, Seba wrote: > > > Hi everyone, > > I have this situation: > > I use some regular expressions to rewrite the URL of a web site, > > in particular: > > http://www.mysite.com/lingua-ita/colore-rosso/pagina.html > > that becames > > http://www.mysite.com/pagina.php?lingua=ita&colore=rosso. > > > > Is all ok until I use some session variables. > > It happens that the string ?PHPSESSID=[valore] is merge to the link and > > this will cause a damage in the URL rewriting. > > > > Note that the string comes merged by the browser (Explorer, opera) to > > the link I wrote before. > > (http://www.mysite.com/lingua-ita/colore-rosso/pagina.html?PHPSESSID=f4s6f5d 4fs65df4s65fd4). > > > > Since the links first come in this format, then are rewroted by the rule > > in the file htaccess and finally parsed by the webserver (apache , IIS), > > How can I avoid it? > > > > I tried with: > > RewriteRule (.*)?PHPSESSID=(.*) /PHPSESSID-$2/$1 > > as last rule, but it didn't work. > > > > Can you help me? > > > > thanks in advance > > Seba > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php