Why must we append the SID to URLs?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
Post Reply
User avatar
spencer4678
Registered User
Posts: 24
Joined: Fri Apr 28, 2017 7:24 pm
Location: Toronto, Canada
Name: Spencer Bryson

Why must we append the SID to URLs?

Post by spencer4678 »

Hi guys,

I've been wondering why we often need to append the session ID to our url in order to preserve the session? On my computer, the SID is often sent in the cookie and I myself do not need the SID appended. However, my friend simply cannot hold a session without having the SID sent as a parameter in the url, instead of through a cookie.

I don't often see this in other web softwares, so I was wondering why is this a convention that phpBB seems to resort to a lot? Is there some type of cookie policy that it aims to abide by?

Thanks! :ugeek:
User avatar
RMcGirr83
Former Team Member
Posts: 22016
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Why must we append the SID to URLs?

Post by RMcGirr83 »

That is usually a sign of incorrect board cookie settings within the ACP.
Knowledge Base - Fixing incorrect cookie settings
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beer Image
User avatar
spencer4678
Registered User
Posts: 24
Joined: Fri Apr 28, 2017 7:24 pm
Location: Toronto, Canada
Name: Spencer Bryson

Re: Why must we append the SID to URLs?

Post by spencer4678 »

RMcGirr83 wrote: Thu May 11, 2017 6:46 pm That is usually a sign of incorrect board cookie settings within the ACP.
Knowledge Base - Fixing incorrect cookie settings
Thanks for bringing that to my attention, I hadn't really considered it could be an issue on my end. I deduced that my cookies are set to be secure, but my friend was requesting the non-HTTPS version of my site.

I just need to set a rewrite rule to force HTTPS.

Thanks RMcGirr83! :D
Post Reply

Return to “phpBB Discussion”