Trying to get session ID to not show in browser address bar

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
Fasty
Registered User
Posts: 65
Joined: Fri Sep 23, 2005 9:10 pm

Trying to get session ID to not show in browser address bar

Post by Fasty » Thu Nov 03, 2005 6:55 pm

I'm running 2.0.17, and will be updating soon.

I'm using a custom php.ini on my site to add a little extra security to my forum. One of the user modified parameters is session_transid = 0. Using a phpinfo file verifies that the session.use_trans_sid local and master values both say off, so my php.ini seems to be good. I've copied the php.ini to every folder in my forum that contains any php files.

The problem is, I still see the session ID in Internet Explorer's address bar when I go to login. This happens no matter if I log in as admin, or using a regular user account.

If anyone has some advice for me, let me know if you need any more info.

Thanks.

Fasty
Registered User
Posts: 65
Joined: Fri Sep 23, 2005 9:10 pm

Post by Fasty » Thu Nov 03, 2005 8:24 pm

OMG. Just posted this a little while ago and it's halfway down the second page already.

Anyway... still looking for some help on this.

Jeffro_DLP
Registered User
Posts: 9
Joined: Sun Sep 19, 2004 3:08 pm

Post by Jeffro_DLP » Thu Nov 03, 2005 10:05 pm

You can keep the board in a bottom frame. Make the top frame hidden, or 0 height, and the bottom frame 100%.

Fasty
Registered User
Posts: 65
Joined: Fri Sep 23, 2005 9:10 pm

Post by Fasty » Fri Nov 04, 2005 4:45 pm

Hi Jeffro,

Thanks for the response. Unfortunately though, I don't know what you mean.

What I'm looking to find out is if something in phpbb's scripting is overriding my php.ini file. Even when someone puts their mouse over the login link on my forum, you can see the session ID showing in the browser's staus bar.

Even worse for security, is I have no idea if my global registers are really off. My custom php.ini says they are, but it doesn't seem to be having an effect.

I notice that session ID's don't show on this forum. How did the phpBB guys accomplish that?

Locked

Return to “2.0.x Support Forum”