PHP Session ID and Google
Before I go any further, yes, I've searched through the forums extensively.
When my site was first launched it was searched by Google. Verified by looking at the logs and a Google seach brought up my site. Sinc then, Google hasn't come back (the last 3 months at least) and my site doesn't appear via a Google search.
I'm thinking the site has been banned.
I've been reading that PHP session IDs can have a negative impact on Google and possibly banning the site. I've followed the advice of modifying the .htaccess file to include
session.use_trans_id off
But I still get a session ID upon first login. After that, no session IDs. But coming to think of it, I'm not sure when and where session IDs would come up. Lastly, not sure why a search bot would induce a session ID since an anonymous user doesn't seem to ever generate one.
-- If I have successfully modified by .htaccess file with use_trans_id off why am I still seeing a session ID upon login?
-- Why would a bot get a session ID?
-- Would any of this cause Google to ban the site?
Thanks.
I'm having the same problem
Except that I put a line in .htaccess saying I want to use trans_id (transparent ID, so nothing in URL, everything in COOKIE)
but still I have the problem of the sessionid in the url, i don't understand..
# Override PHP settings. More exist in sites/default/settings.php, but
# the following cannot be changed at runtime. The first IfModule is
# for Apache 1.3, the second for Apache 2.
<IfModule mod_php4.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value session.use_trans_sid 1
</IfModule>
<IfModule sapi_apache2.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value session.use_trans_sid 1
</IfModule>
Just to be clear about your message :
"-- If I have successfully modified by .htaccess file with use_trans_id off why am I still seeing a session ID upon login?"
If you set it to off, then you are telling it that it's ok to not use transparent id.. So I think you made a mistake..
By the way I'm going to try to change my .htaccess to
php_value session.use_trans_sid on
since the way I set it now, just don't work..
try this
try adding this to your .htaccess file to disable those ugly sessionIDs
# Fix for ?PHPSESSID in clean URLsphp_value session.use_trans_sid 0
php_value session.use_only_cookies 1
# End of fix
www.misguidedthoughts.com
4.6 does it automatically
The above posts are correct, but only if your host uses normal PHP, i.e. as an Apache module. namely this:
php_value session.use_trans_sid 0php_value session.use_only_cookies 1
Some hosts changed to php suexec because of security issues (it runs with your user ID and not the Apache user ID).
If your host has switched to php suexec, then you need to place the needed parameters in a file called php.ini, since it will ignore .htaccess completely.
Also, 4.6 solves this problem by placing the needed parameters right in the settings.php files, using the init_set() call, and hence it does not matter whether your host is using php suexec or regular apache module php.
If you are using 4.6 already and still seeing session IDs in the URL, then please report back in this discussion, as well as submit an issue for it against drupal core.
Session IDs in the URL are a security risk, and a nuisance. I am not sure if they impact Google or not.
--
Consulting: 2bits.com
Personal: Baheyeldin.com
didn't i mentionned it ?
I'll try your fix, but I should mention that I AM using 4.6, clean urls and seeing this problem from time to time (not always).
Also, why should i set session.use-trans-id to 0 ??
I thought session.trans-id means USE TRANSPARENT ID, which is cookie.
i have this issue too
running 4.6.something
does anyone know how to fix it? my htaccess already has these:
# Fix for ?PHPSESSID in clean URLs
php_value session.use_trans_sid 0
php_value session.use_only_cookies 1
:(
Here's the fix
http://drupal.org/node/4109#comment-38607