Tomek Wojtek

Reputation:

What is PHPSESSID?

I'm playing around with cookies. And I don't have any cookies called PHPSESSID.

Do I need it? Can I remove it?

What's the "function" of it?

    if (count($_POST)) {
        setcookie("TestCookie", htmlspecialchars($_POST['val']), time()+3600);
    }

    print_r($_COOKIE);

Prints:

    Array
    (
        [TestCookie] => blabla
        [PHPSESSID] => el4ukv0kqbvoirg7nkp4dncpk3
    )

Upvotes: 80

Views: 278458

Answers (8)

Hakan

Reputation: 623

If you set your session.name to a dot or two dots in your php.ini, the cookie PHPSESSID disappears.

session.name=.
or 
session.name=..

Upvotes: 0

bikehack

Reputation: 1

That's because you were loading an insecure web app (likely HTTP) or even have some malware that wanted you to log back in after stealing your cookie. That way it could generate a new one to capture

Upvotes: -3

w. Patrick Gale

Reputation: 2347

Using cookies in PHP v7.4 and the Microsoft Edge browser, PHPSESSID only seems to be generated when first loading/initializing a web app. If I remove the cookie in the browser setting (but keep the web application tab open), it kills the session and forces me to log in again. However, when I log back into the web application, the PHPSESSID cookie does not regenerate and yet I still have my session variables working as expected.

I was testing this because I have a web app that loads an external form (from another site) within an iframe and when the form submits and redirects back to my web app (within the iframe) it loses the session within the iframe. Removing the PHPSESSID cookie fixed the problem of losing the session, but I'm not sure why the cookie is the problem (but that is for another thread).

Upvotes: 0

DigitalRoss

Reputation: 146271

PHP uses one of two methods to keep track of sessions. If cookies are enabled, like in your case, it uses them.

If cookies are disabled, it uses the URL. Although this can be done securely, it's harder and it often, well, isn't. See, e.g., session fixation.

Search for it, you will get lots of SEO advice. The conventional wisdom is that you should use the cookies, but PHP will keep track of the session either way.

Upvotes: 73

Niranjan Bhosale

Reputation: 31

PHPSESSID is an auto-generated session cookie by the server which contains a random long number which is given out by the server itself.

Upvotes: 3

Brad Kent

Reputation: 5107

PHPSESSID reveals you are using PHP. If you don't want this you can easily change the name using the session.name in your php.ini file or using the session_name() function.

Upvotes: 29
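
Added example, not part of any answer on this page: a session bootstrap that combines the two points raised above, accepting the session id from the cookie only (never the URL) and replacing the default PHPSESSID name. The name `APPSID` and the functions `start_hardened_session()` and `login_user()` are assumptions made for illustration; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example. APPSID, start_hardened_session() and login_user()
// are hypothetical names, not taken from the question or answers.

function start_hardened_session(): void
{
    // Take the session id from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse ids the server did not issue itself (uninitialized ids).
    ini_set('session.use_strict_mode', '1');

    // Replace the default cookie name PHPSESSID.
    // Must be called before session_start().
    session_name('APPSID');

    session_set_cookie_params([
        'lifetime' => 0,      // dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);

    session_start();
}

// Call only after your own credential check has succeeded.
function login_user(string $userId): void
{
    // Issue a fresh id at the privilege change and delete the old
    // session data, so an id fixed before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

start_hardened_session();

// Session variables keep working exactly as with PHPSESSID;
// only the cookie name and its attributes have changed.
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;
echo session_name(), ' hits: ', $_SESSION['hits'], "\n";
```

Because the cookie is marked `secure`, the counter only increments across requests when the page is served over HTTPS.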

Roman Losev

Reputation: 1941

Check php.ini for auto session id.

If you enable it, you will have PHPSESSID in your cookies.

Upvotes: 2

Noon Silk

Reputation: 55182

It's the identifier for your current session in PHP. If you delete it, you won't be able to access/make use of session variables. I'd suggest you keep it.

Upvotes: 5
