PHPSESSID in your URL? Learn to 301 redirect them with PHP

I’m doing some work on a site which has like 4,500 pages indexed with a PHPSESSID in the URL, causing some major duplicate content problems. I got the server admin to disable the PHPSESSID’s by adding the following to the vhost config:

php_value session.use_trans_sid 0
php_value session.use_only_cookies 1

I also wanted Google to get a clean URL when it decided to spider one of the old URL’s again, and didn’t have access to mod_rewrite, so I redirected them with some PHP. The solution is quite simple:

if (isset($_GET['PHPSESSID'])) {
	$requesturi = preg_replace('/?PHPSESSID=[^&]+/',"",$_SERVER['REQUEST_URI']);
	$requesturi = preg_replace('/&PHPSESSID=[^&]+/',"",$requesturi);
	header("HTTP/1.1 301 Moved Permanently");
	header("Location: http://".$_SERVER['HTTP_HOST'].$requesturi);

19 Responses

  1. Arjan Eising
    By Arjan Eising on 30 March, 2007

    Thanks for sharing this Joost. Note that if you haven’t access to the ini files, this parameters can set by using the ini_set function.

  2. Joost de Valk
    By Joost de Valk on 30 March, 2007

    very true Arjan, thx! (and sorry, I edited your comment to change the link to instead of :) )

  3. Arjan Eising
    By Arjan Eising on 30 March, 2007

    Ah damn, sorry for that one. automatically redirects to the Dutch version, so I didn’t notice it.

  4. Joost de Valk
    By Joost de Valk on 30 March, 2007

    no probs, I just know they don’t like it when you link to a local mirror :)

  5. Jens
    By Jens on 2 July, 2007

    Short and sweet. I really have problems with Session-IDs in WordPress. I will try your hint! But I really wonder, that there is no wordpress plugin for the redirection of session-id-spamed urls… should not be too difficult…

  6. Dainų tekstai
    By Dainų tekstai on 13 December, 2007

    Thanks for it. Very useful. But there is any solution with PhP to leave previos url when page redirect to new page?

  7. Chris Brown
    By Chris Brown on 14 January, 2008

    Thanks for sharing. Very nice trick :)

  8. fra
    By fra on 4 February, 2008

    hi joost
    i am having the same problem here. since i dont know anything about coding i wanted to ask you if i have to place the second code you provided in this post in the php.ini file as well…thanks!

  9. Robert
    By Robert on 31 March, 2008

    I got this problem:
    Warning: preg_replace() [function.preg-replace]: Compilation failed: nothing to repeat at offset 0 in …

    and solved it like that:

    $requesturi = preg_replace(‘/&PHPSESSID=[^&]+/’,””,$_SERVER[‘REQUEST_URI’]);
    $requesturi = preg_replace(‘/PHPSESSID=[^&]+/’,””,$requesturi);

  10. OK85
    By OK85 on 23 April, 2008

    But by using the redirection you will loose all data stored in sessions, don’t you?

  11. Crispijn
    By Crispijn on 7 June, 2008

    Very nice feature! I solved the prob really quick!

  12. Milan
    By Milan on 23 March, 2009

    And how to stop WordPress and other scripts from creating cookies with PHPSESSID? I don’t see their use and they are only wasted bandwidth.

  13. Scritube
    By Scritube on 31 March, 2009

    PHPSESSID can’t be used for that.

    but try on you header :

  14. Boogie
    By Boogie on 16 April, 2009

    Hi, thanks für this easy to use solution.
    I modified the regexp code:
    $requesturi = preg_replace(‘/[.|?|&]PHPSESSID=[^&]+/’,””,$_SERVER[‘REQUEST_URI’]);

  15. Misko
    By Misko on 14 May, 2009

    Where did you change/put that code exactly? Where is the “vhost config”?
    thanx a lot!