While looking at a site the other day I noticed a PHPSESSID token appended to the URL, here’s how to get rid of it… in the .htaccess file tell php to store the token in cookies, rather than pass the variable through the URL:
## add to .htaccess php_value session.use_only_cookies 1 php_value session.use_trans_sid 0
