[drupal-devel] [bug] settings.php change to prevent PHPSESSID in URL
killes
drupal-devel at drupal.org
Mon Aug 1 01:17:28 UTC 2005
Issue status update for
http://drupal.org/node/21170
Post a follow up:
http://drupal.org/project/comments/add/21170
Project: Drupal
Version: 4.6.0
Component: other
Category: bug reports
Priority: normal
Assigned to: kbahey
Reported by: kbahey
Updated by: killes at www.drop.org
Status: patch (code needs review)
I think sessions would still work. I am not convinced we should add this
to settings.php, though. Maybe as an uncommented option?
killes at www.drop.org
Previous comments:
------------------------------------------------------------------------
Sat, 23 Apr 2005 16:47:20 +0000 : kbahey
Attachment: http://drupal.org/files/issues/settings_0.patch (576 bytes)
As per the workaround mentioned in discussion [1], the default
settings.php file that is shipped does not always prevent PHP from
adding the PHPSESSID in the URL.
Although this is a hosting setting issue, a workaround exists for it:
A patch is attached, and it just adds the following line to
settings.php
ini_set('url_rewriter.tags', '');
[1] http://drupal.org/node/17947#comment-36339
------------------------------------------------------------------------
Sun, 24 Apr 2005 12:33:12 +0000 : Dries
If this mechanism kicks in, your session ID isn't shared but the
sessions probably won't work either. Is this a good idea?
------------------------------------------------------------------------
Sun, 24 Apr 2005 14:56:41 +0000 : kbahey
I am not sure which is the lesser evil: not having sessions or having
session IDs in the URL.
Perhaps we can add it in the settings.php as a comment ("If you still
have the sessions in the URL then try this" kind of thing).
More information about the drupal-devel
mailing list