The PHPSESSID is displayed in my MediaWiki site. How
secure is it to
have PHPSESSID displayed? If it can be disabled what is the best way to
do it? Thanks
This is a PHP sessions option; I'd recommend turning it off, as session
IDs could be taken from the referer information passed by the browser
when the user clicks on an external link.
I believe the option to turn off is session.use_trans_sid. You can do
this in php.ini, possibly in an .htaccess, or with the ini_set()
function in your LocalSettings.php.
-- brion vibber (brion @ pobox.com