Bug #28900
closed
All links have Parameter PHPSESSID at first load of website URL
0%
Description
Since Typo3 4.5.4 if a website is called the first time in the browser (= php tries to set the session cookie PHPSESSID the first time) all links are appended wit a URL Parameter "?PHPSESSID=xxxx"
It seems that this is the "default" behaviour of php if php does not know if a session cookie could be set. However this does not happen if I change the Typo3 version of this website back to 4.5.3.
This happens without login in backend or frontend and with all browsers I testes (= Firefox, IE, Safari, Opera, Chrome)
Ways to reproduce:
1) Change typo3_src to 4.5.4
2) Delete all session cookies in the browser before loading the URL
3) Load the URL -> All links are appended with PHPSESSID parameter, after reload of the page the Parameter dissappears (as the cookie is set now), if I deactivate cookies the PHPSESSID Parameter is added permanently.
4) Change typo3_src to 4.5.3
5) Delete all session cookies in the browser before loading the URL
6) Load the URL -> NO PHPSESSID parameter
This is a big problem from my point of view because the links with the PHPSESSID also appear in search engine result links. And the HTML does not validate with this Link Parameters.
I found the following report of another user reporting this issue: http://old.nabble.com/after-typo3-upgrade-to-4.5.4-PHPSESSID-is-shown-in-browser-url-td32192989.html
Updated by Thorsten Kahler over 12 years ago
- Status changed from New to Needs Feedback
- Assignee set to Manfred Langhammer
- Priority changed from Must have to -- undefined --
Hi Manfred, you probably have session.use_trans_sid enabled on your host. This setting appends the (newly generated) session ID to all links when it's unclear whether the clients supports cookies.
Updated by Helmut Hummel over 12 years ago
- Priority changed from -- undefined -- to Won't have this time
Indeed the session initialisation changed in 4.5.4.
But this is not the reason for the session id being set in the URLs.
Please check if you set
session.use_only_cookies
to true, which is recommended.
Updated by Manfred Langhammer over 12 years ago
Hi and thx for the reply!
First I set session.use_only_cookies = 1 -> didn't help
Then I additionally set session.use_trans_sid = 0 -> PHPSESSID Parameter GONE with 4.5.4!!
Wondering why session.use_trans_sid = 1 is the default at my provider (domainfactory)
Whatever: Working since many years now with typo3 at domainfactory and never had this PHPSESSID parameter before - so I guess that something changed in 4.5.4 that needs these settings now. maybe this was set on the script level before?
Updated by Susanne Moog over 12 years ago
- Status changed from Needs Feedback to Closed
Closing this one as it is solvable by configuration. Other people with this problem will find the bug report and can solve it the same way.