There are generally three different ways, how you can set PHP globals and settings. You can use PHP’s configuration file,
.htaccess file or set it directly in PHP code, using
ini_set() function. Which way to use depends mainly on your approach and server configuration, as not all of solutions mentioned here are available on every hosting.
The best option (if available), is — of course — to set value directly in
session.use_only_cookies = 1
session.use_trans_sid = 0
Unfortunately, on most servers and hostings admin will not allow you to directly modify
php.ini file (for obvious reasons). In this case we may consider using
.htaccess file (only, if server’s admin has considered it as well!):
php_flag use_only_cookies On
php_flag session.use_trans_sid Off
This approach has another great advantage — it sets these configuration parameters locally. Meaning, that it will be respected by PHP interpreter only for files executed from this folder and all subfolders (only, if these settings were not overwritten by other
.htaccess files or using method below).
If second approach is not possible or not wanted, then we still have third option of setting configuration directly in PHP code:
And, again, this gives us another advantage of setting or changing configuration really locally. These settings will be respected only for current PHP session and can be changed at any time, by any script.