Removing session ID ?___SID=U from your Magento store URL

Another Magento tip for this week’s post, as that’s what we’ve primarily been working in! We had been getting ready to launch a Magento 1.6 store, when some users testing the store were coming across Magento’s session ID appearing in the URL for certain pages. The session ID was appearing as follows:


or similar. In our Magento instance, the page’s URL was appended afterwards, such as:


You can hide Magento’s session ID in Magento’s administration panel, under System > Configuration > Web. Look for the ‘Use SID on the Frontend’ setting and set it to ‘No’ in the ‘Session Validation Settings’ block. This was already set to ‘No’ on our Magento installation, so we dug a little deeper and found you could disable the session IDs from appearing in the store’s URLs by setting a value in the App.php file. App.php is found in the app/code/core/Mage/Core/Model directory, and this is what you need to add/change in the file:

$_useSessionInUrl = false;

Obviously, this isn’t an ideal as editing a core Magento file means that the file can be overwritten when it comes to an update, wiping out any customisations you’ve made to core. Thanks to Magento’s file hierachy, though, you can copy the App.php file and make the change in the app/code/local/Mage/Core/Model directory and bypass the core file that way.