Hello Seba, Check your php.ini file: you'll probably find that "session.use_trans_sid" is set to 1, which is actually a security hazard. If you set "session.use_trans_sid" to 0, session IDs will no longer be automatically sent as GET variables.
Cheers, Erik On 19 Feb 2004 at 13:15, Seba wrote: > Hi everyone, > I have this situation: > I use some regular expressions to rewrite the URL of a web site, > in particular: > http://www.mysite.com/lingua-ita/colore-rosso/pagina.html > that becames > http://www.mysite.com/pagina.php?lingua=ita&colore=rosso. > > Is all ok until I use some session variables. > It happens that the string ?PHPSESSID=[valore] is merge to the link and > this will cause a damage in the URL rewriting. > > Note that the string comes merged by the browser (Explorer, opera) to > the link I wrote before. > (http://www.mysite.com/lingua-ita/colore-rosso/pagina.html?PHPSESSID=f4s6f5d4fs65df4s65fd4). > > Since the links first come in this format, then are rewroted by the rule > in the file htaccess and finally parsed by the webserver (apache , IIS), > How can I avoid it? > > I tried with: > RewriteRule (.*)?PHPSESSID=(.*) /PHPSESSID-$2/$1 > as last rule, but it didn't work. > > Can you help me? > > thanks in advance > Seba -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
