OK I think I may have figured it out. I found that the main index.php file (in the root of the site) sets these session cookies, and there is also some code that specifies that PHP sessions should be saved as cookies (instead of part of the query string), which I think would also be a good idea to change. I’ve just made these changes on a test installation and I didn’t immediately see any issues (Manager use is unaffected, and the cookies are no longer set).
Try making these changes also and see how it works for you. Both are in the main index.php file. The first is at or around line 59; the changed code should read:
@ini_set('session.use_trans_sid', 1);
@ini_set('session.use_only_cookies',0);
All I’ve done here is to reverse the 0 and 1 in these two configs. I’m not really sure that this is necessary, but I figure it’s better to be safe than sorry in these circumstances.
The second change is just commenting out the following line at around line 108:
// start session
// startCMSSession();
All I did here is to comment out the startCMSSession function so that it does not run. This is the function that sets these temporary session vars. It’s located in manager/includes/config.inc.php if you’re curious about it.
I don’t think that these session vars should be necessary if you’re not doing anything like allowing web users to login from the front end, etc., but I’ve never investigated this before tonight so maybe someone who’s worked with this code more can verify this. I wouldn’t think that it’s necessary, and it seems to work fine when I try it out. Manager login and use should be unaffected.
Let us know if this helps you or if you have any problems.