The problem is that SOMETIMES, my SID gets embedded in the URL,
although at the begining of every page I have this code:

ini_set('session.use_only_cookies', "1");
session_set_cookie_params(60*60);
session_start();
session_register("blabla");
if (!$_SESSION["logged_in"])
session_destroy();
etc, etc;

So there are days/times when the SID isn't embedded in the URL (and in
the links of the page), and days/times when it is, regardless of what
value $_SESSION["logged_in"] has.
I tested the value returned by ini_set and it's always different from
false.
What gives ???
Stranger is the fact that phpinfo() says session.use_only_cookies is on !

Another thing: I'm losing my session when redirecting to a relative
url, although session.use_trans_sid is on in php.ini!, shouldn't
session.use_trans_sid take care of that, embedding SID's into urls
when they are relative urls ?

I tried ini_set('session.use-trans-sid', 0). Right after I made the change, the sid was gone, urls didn't contain it anymore, BUT, the next day, today, when I accessed the site from my office (another computer), the SID is there again!

And this is exactly like when I first added ini_set('session.use_only_cookies', "1") : before the addition the sid was sometimes there, after the addition it wasn't. Few days later it was there again.
Then I added ini_set('session.use-trans-sid', 0) and it was ok, today it's not.
Don't know what to believe anymore...

The strange thing is, phpinfo() says session.use_only_cookies is ON and session.use_trans_sid likewise.
So if session.use_trans_sid is on, why do I lose my session after redirecting to a relative url ? The docs say that "relative URIs will be changed to contain the session id automatically".

Also when I access the forums on my site (IPB), the sid isn't embedded.

So my question is: if session.use_only_cookies is ON, why on earth is the sid present in the url ?
PS: php is version 4.3.8.

This article has been dead for over six months. Start a new discussion instead.