Home/ Questions/Q 5968379
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T20:04:53+00:00

PHP puts the session id into the URL when cookies are turned off. Does

  • 0

PHP puts the session id into the URL when cookies are turned off. Does this session id have to be accounted for (by proactively coding for it) in the case where .htaccess rewrite is being used?

Also, I presume that when cookies are off the session id cannot be propagated automatically when there are a mix of .php files and .html being served. That is, if a user navigates to an .html page from a .php page and then back to .php page, the session id is lost as the .html file cannot account for it. Is this correct?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In most cases the session ID does not figure in .htaccess processing because it is in the QUERY_STRING part of the URL (that is, after a ?). But you might have to account for it if you test QUERY_STRING in a RewriteCond or replace it in a RewriteRule.

    And you presume correctly, the session ID will not propagate through a pure HTML file. However, you could use .htaccess to run .html files through PHP:

    AddType application/x-httpd-php .html

    and something like this to activate the URL rewriting feature for those files:

    <FilesMatch "\.html$">
    php_value auto_prepend_file "/home/*******/public_html/session_start.php"
</FilesMatch>

    where session_start.php contains just:

    <?php session_start();

    (See this SO question for details).

    Or you could just put up an error page telling users that you don’t support running with cookies off.

    • 0