How to get rid of PHPSESSID in the URL

Cheap Web Hosting
Cheap Web Hosting

Generally we will encounter a problem like ?PHPSESSID= would appear in the URLs while users are browsing, like

This string is a Session ID at the PHP level.

Having the PHPSESSID in the URL is not only ugly, but also a security risk. If you visit a page from a certain web site that has PHPSESSID turned on, a malicious admin on the site you are visiting can gain your privileges on that certain site.

For these two reason, you do not want the PHPSESSID in your URLs.

Using .htaccess

You need to put the following two lines in the .htaccess file, if your PHP as an Apache module:

php_value session.use_only_cookies 1
php_value session.use_trans_sid 0

Using a local php.ini

To make things more complicated, some hosts use PHP as a CGI executable. Many use this as an suExec environment, such as that from

For PHP as CGI, you need to make the changes in a file called php.ini that has a slightly different format. The above parameters would look like this:

session.use_only_cookies = 1
session.use_trans_sid = 0

At web hosting the tech support can help you do just that. Just open a ticket and help is there is few min. supports php web hosting using latest php versions on their servers.