Rewrite url to remove PHPSESSID and SID parameters

Home Forums BulletProof Security Free Rewrite url to remove PHPSESSID and SID parameters

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • October 30, 2013 at 6:03 am #10769
    Mouillard
    Participant

    Hi everybody,

    I have a little knowledge in htaccess area so I love BPS security. Great plugin !

    But I dont know where to write my code to remove PHPSESSID and SID parameters from urls. I’ve tried into Custom Code >Root htaccess File Custom Code >CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE

    Then CUSTOM CODE WP REWRITE LOOP START

    Then CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES

    …but all these boxes give me a 500 error. (I have made others changes in this page without any problem)

    My custom code is (and I precise it was working well before I install BPS):

    php_flag session.use_trans_sid off
php_flag session.use_only_cookies on

RewriteEngine On
#remove PHPSESSID
RewriteCond %{QUERY_STRING} PHPSESSID=.*$
RewriteRule .* %{REQUEST_URI}? [R=301,L]

RewriteEngine on
RewriteCond %{HTTP_HOST} !^lesdoigtsdanslenet\.com$ [NC]
RewriteRule ^(.*)$ http://lesdoigtsdanslenet.com/$1 [R=301,L]

    I hope for help, thanks a lot for any answer !

    October 30, 2013 at 7:30 am #10775
    AITpro Admin
    Keymaster

    To rewrite www to non-www URLs you would incorporate your code into the WordPress Rewrite Loop start code

    http://forum.ait-pro.com/forums/topic/htaccess-redirect-www-to-non-www-htaccess-redirect-non-www-to-www/#post-5566

    # WP REWRITE LOOP START
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.domainname\.com$ [NC]
RewriteRule ^(.*)$ http://domainname.com/$1 [R=301,L]
RewriteRule ^index\.php$ - [L]

    You would put this code in the top php handler Custom Code text box.  Are you sure your Server type allows you to use php_flag directives in .htaccess files?

    php_flag session.use_trans_sid off
php_flag session.use_only_cookies on

#remove PHPSESSID
RewriteCond %{QUERY_STRING} PHPSESSID=.*$
RewriteRule .* %{REQUEST_URI}? [R=301,L]
    October 30, 2013 at 10:41 am #10788
    Mouillard
    Participant

    Thanks for your answer. But I’m not sure I explained correctly my situation.

    I think I don’t need the code to rewrite www to non-www because I have my serveur set up (DNS).

    Whtat I need, is to remove PHPSESSID from my urls. Before installing BPS, I used the code I gave to do it (I don’t really understand what it does, I just found it on Internet). That worked well, so I assume my server allows these instructions.

    Then, when I installed BPS (6 month ago), I forgot to put this code into… and PHPSESSID  parameter is shown in Google Analytics again.

    So I try to put this code back trought BPS but failed, and get the 500 error code.

    You would put this code in the top php handler Custom Code text box.

    I’ve tried to put it in the first box “CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE” but still 500 error. Other idea ?

    Thanks,

    October 30, 2013 at 10:48 am #10790
    AITpro Admin
    Keymaster

    It is possible then that something has changed on your Server and that this code no longer works on your Server.  Most web hosts do NOT allow you to use php_flag and php_value directives in an .htaccess file so before doing anything else please contact your Host and ask them if your code is still allowed and will work on your Server.  I’d say about 1 in 200 Hosts do allow php_flag to be used in .htaccess files so it is very rare.  Typically / normally these settings would be added to a custom php.ini file instead.

    http://php.net/manual/en/session.configuration.php

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.