I'm looking for the right spot to include:
ini_set("session.use_cookies", 1);
ini_set("session.use_only_cookies", 1);
ini_set("session.use_trans_sid", 1);
...to remove PHPSESSID from URLs. It needs to be included at the beginning of every page and before:
session_start()
You can see the PHPSESSID in URLs in the
Google Structured Data Validator (https://search.google.com/structured-data/testing-tool#url=https%3A%2F%2Fwww.elkarte.net%2Fcommunity%2Findex.php%3Fboard%3D17.0).
Yes, guests get sessionid in the url during the 1st page load.
Google will catch up in a short while when canonical url is taken as reference.
It's not actually a php setting, but its injected in the code (and last time I remove some fancy stuff started happening, but can't remember the specifics because it was so long ago).
Well, you can try at the beginning of index.php, but as I said I'm not sure about the implications.
Well, I found/resolved the issue:
File: /sources/Session.php
find:
@ini_set('session.use_only_cookies', false);replace:
@ini_set('session.use_only_cookies', true);I'll monitor for issues. So far so good.