Authorization links in sessions

Hello. There is a site, there is authorization for sessions, everything works, but sometimes the following code is added to the links /index.php?PHPSESSID=9ebca8bd62c830d3e79272b4f585ff8f. I think a lot of people have experienced this. How to fix this?


Answer 1, authority 100%

ini_set("session.use_only_cookies", 1);

Or set this session parameter in php.ini.
This is necessary to use only cookies in sessions, then the session ID will not be inserted into links and forms, but if cookies are disabled in the browser, then session_start()will cause an error.
You can do it, of course, but it will be the wrong decision. If PHP does not find the session ID in the cookies or in the url, then with session_start()it tries to write the session ID into both the links on the page and the cookies, so that the visitor didn’t lose session if cookies are disabled.
If you enable this option, you will have to require the visitor to enable cookies.