PhpSecInfo Test Information
This test determines if use_trans_sid is enabled.
When use_trans_sid is enabled, PHP will pass the session ID via the URL. This makes it far easier for a malicious party to obtain an active session ID and hijack the session.
Disable use_trans_sid in your PHP environment. You can do this in the php.ini file:
; Disable use_trans_sid for security reasons session.use_trans_sid = 'off'
The setting can also be disabled in apache's httpd.conf file:
# Disable use_trans_sid for security reasons php_flag session.use_trans_sid off
Under PHP5, you can also use a .htaccess file to disable use_trans_sid.