[drupal-devel] [bug] settings.php change to prevent PHPSESSID in URL
kbahey
drupal-devel at drupal.org
Sun Apr 24 14:56:44 UTC 2005
Issue status update for http://drupal.org/node/21170
Project: Drupal
Version: 4.6.0
Component: other
Category: bug reports
Priority: normal
Assigned to: kbahey
Reported by: kbahey
Updated by: kbahey
Status: patch
I am not sure which is the lesser evil: not having sessions or having
session IDs in the URL.
Perhaps we can add it in the settings.php as a comment ("If you still
have the sessions in the URL then try this" kind of thing).
kbahey
Previous comments:
------------------------------------------------------------------------
April 23, 2005 - 11:47 : kbahey
Attachment: http://drupal.org/files/issues/settings_0.patch (576 bytes)
As per the workaround mentioned in discussion [1], the default
settings.php file that is shipped does not always prevent PHP from
adding the PHPSESSID in the URL.
Although this is a hosting setting issue, a workaround exists for it:
A patch is attached, and it just adds the following line to
settings.php
ini_set('url_rewriter.tags', '');
[1] http://drupal.org/node/17947#comment-36339
------------------------------------------------------------------------
April 24, 2005 - 07:33 : Dries
If this mechanism kicks in, your session ID isn't shared but the
sessions probably won't work either. Is this a good idea?
More information about the drupal-devel
mailing list