I have detected that my server uses PHPSESSID through Google Webmaster Tools. The Bounce Rate as shown in Google Analytics started to increase from about 2 to 75% since I have detected PHPSESSID two weeks ago. With it a whole bunch of URL parameters showed up on my site. I'm unable to delete them and I can only decide if the entries have an effect on the behavior of my site or not. I can see over 160 re-directs to duplicate content. I know that I can use the following entries:
php_value session.use_only_cookies 1
php_value session.use_trans_sid 0
in .htaccess to prevent PHPSESSID from appearing.
However this doesn't solve the problem. Since I do have a dynamic site I can't use this code:
$actualurl= 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$correcturl = 'http://www.ragepank.com/articles/26/disable-phpsessid/';
if ($correcturl != $actualurl) {
header("HTTP/1.1 301 Moved Permanently");
header("Location: " . $correcturl);
exit();
}
on every page to prevent redirecting visitors. Any ideas are appreciated.
P.S. The site runs on Apache Server.
Sounds odd. Could be a possible script kiddie attack. No one is going to close a web page because of PHPSESSID. Does it come up with PHPSESSID when you visit the website?
Check out the coding on those webpages also that do PHPSESSID.
add to php file at top
You seem to use the condition
if ($correcturl != $actualurl)
to detect logged in users. Don’t do that, just use some session variable that you set after a user logs in. Then you won’t need PHPSESSID in your addresses.
After a user logs in:
$_SESSION['logged_in'] = true;
Your new check:
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'])
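For the dynamic-site case raised in the question, where a hardcoded `$correcturl` per page is not practical, a single include can strip the PHPSESSID parameter from whatever URL was requested and issue the 301 to the cleaned address. This is an added example, not code from any post in the thread; `CANONICAL_ORIGIN` (a placeholder value) and `strip_session_id()` are hypothetical names, and the redirect target is built from a configured origin rather than the client-supplied `HTTP_HOST` header.

```php
<?php
// Added example. CANONICAL_ORIGIN is a placeholder: set it to the site's real origin.
const CANONICAL_ORIGIN = 'http://www.example.com';

// Same effect as the .htaccess entries above; must run before session_start().
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');

/**
 * Return $requestUri without the session parameter, or null when the URI
 * does not carry one (or is not a plain origin-form path).
 * Other query parameters are kept byte-for-byte, in their original order.
 */
function strip_session_id(string $requestUri, string $param = 'PHPSESSID'): ?string
{
    // Only handle "/path?query" URIs; ignore absolute-form or empty input.
    if ($requestUri === '' || $requestUri[0] !== '/') {
        return null;
    }
    $pos = strpos($requestUri, '?');
    if ($pos === false) {
        return null;
    }
    $path  = substr($requestUri, 0, $pos);
    $pairs = explode('&', substr($requestUri, $pos + 1));

    // Drop every key=value pair whose decoded key is the session parameter.
    $kept = array_filter($pairs, function (string $pair) use ($param): bool {
        return urldecode(explode('=', $pair, 2)[0]) !== $param;
    });
    if (count($kept) === count($pairs)) {
        return null; // nothing to strip, no redirect needed
    }
    return $kept ? $path . '?' . implode('&', $kept) : $path;
}

// Redirect only safe, idempotent requests so form POSTs are not lost.
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
$clean  = strip_session_id($_SERVER['REQUEST_URI'] ?? '/');
if ($clean !== null && ($method === 'GET' || $method === 'HEAD')) {
    header('Location: ' . CANONICAL_ORIGIN . $clean, true, 301);
    exit;
}

session_start(); // the session ID now travels in the cookie only
```

Including this at the top of a shared bootstrap file covers every dynamic page; a request for `/articles/26/?page=2&PHPSESSID=abc` (constructed sample) is redirected to `/articles/26/?page=2`.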