Disable PHPSESSID query parameter

Started by Mindless, February 03, 2025, 11:02:00 PM


Mindless

Setting session.use_only_cookies to 1 should disable use of the PHPSESSID query parameter.  Enabling session.use_only_cookies protects against session hijacking when people share links (which is why the default is 1).

Also, when session.use_only_cookies is not enabled, all the URLs on the forum are unique each time a web spider accesses the site (which you can see on archive.org).

Looks like SMF is specifically disabling session.use_only_cookies, so this is probably what needs to change.  (See also: an issue on GitHub about it.)
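
A defender-side check for the two symptoms described in the post above, added here as an example (it is not part of the original post and not SMF's code): it flags PHP lines that switch session.use_only_cookies off or session.use_trans_sid on at runtime, and picks out URLs from a crawl or access log that still carry PHPSESSID. The sample PHP lines and URLs are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# ini_set('session.use_only_cookies' | 'session.use_trans_sid', <value>)
INI_SET = re.compile(
    r"""ini_set\(\s*['"](session\.(?:use_only_cookies|use_trans_sid))['"]\s*,\s*([^)]+?)\s*\)""",
    re.IGNORECASE,
)
FALSY = {"0", "false", "off", "no", ""}  # values PHP treats as "disabled"

def find_weak_session_settings(php_source):
    """Return (line_no, setting, raw_value) for overrides that allow URL session IDs."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        code = line.split("//", 1)[0]  # heuristic: skip // comments and commented-out lines
        for m in INI_SET.finditer(code):
            name = m.group(1).lower()
            off = m.group(2).strip().strip("'\"").lower() in FALSY
            # Weak: cookies-only switched off, or transparent SID rewriting switched on.
            if (name.endswith("use_only_cookies") and off) or (name.endswith("use_trans_sid") and not off):
                findings.append((no, name, m.group(2).strip()))
    return findings

def urls_with_session_id(urls, name="PHPSESSID"):
    """Return the URLs whose query string carries the session ID."""
    hits = []
    for url in urls:
        # Some PHP applications separate parameters with ';' instead of '&'.
        query = urlsplit(url).query.replace(";", "&")
        if any(k == name for k, _ in parse_qsl(query, keep_blank_values=True)):
            hits.append(url)
    return hits

# Constructed sample input (not taken from SMF or from any real log).
SAMPLE_PHP = """\
@ini_set('session.use_cookies', true);
@ini_set('session.use_only_cookies', false);
// @ini_set('session.use_only_cookies', false);
@ini_set('session.use_trans_sid', false);
ini_set("session.use_trans_sid", 1);
"""
SAMPLE_URLS = [
    "https://forum.example/index.php?topic=7.0",
    "https://forum.example/index.php?PHPSESSID=0123abcd&topic=7.0",
    "https://forum.example/index.php?action=search;PHPSESSID=4567ef01",
]

if __name__ == "__main__":
    for finding in find_weak_session_settings(SAMPLE_PHP):
        print("weak setting:", finding)
    for url in urls_with_session_id(SAMPLE_URLS):
        print("session ID in URL:", url)
```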

namida

It sounds like there shouldn't be any major issues from simply commenting out that line, so let's give that a try for now. I'll leave it in place for a few days and see if it causes any problems, and if not, I'll make that change permanent.