- From: David Dorward <david@dorward.me.uk>
- Date: Tue, 19 Apr 2005 12:18:22 +0100
- To: mathieu.maes@ing.be
- Cc: www-validator@w3.org
On Tue, Apr 19, 2005 at 11:28:23AM +0200, mathieu.maes@ing.be wrote:
> The problem is that I don't control the "&PHPSESSID=" part of the URL. PHP
> adds this automatically when you use sessions.
The PHP manual does tell you how to fix this, why it doesn't have the
correct behaviour as the default I don't know. Take a look at
http://php.net/session and search for "XHTML conformance". The fix
applies equally to HTML.
> Add this line in the PHP script before session_start() :
>
> ini_set('session.name',";ampPHPSESSID");
I think you intended to put the semi-colon after the "amp".
I rather suspect that you will find this break sessions for users
without cookies. Their browser will link to "&PHPSESSID" and then the
session handling code will look for "amp;PHPSESSID". You can test this
easily enough by turning cookies off.
> Maybe you could add this information on the W3C website in the part
> "Ampersands in URLs" ?
This issue does come up a lot, so its probably worth writing a proper
explanation and describing the fixes. I might do that this
evening. The error message text could then be modified to include
something along the lines of: If you are using PHP sessions then you
may wish to read <a ...>rogue ampersands in PHP scripts</a>.
(Responses to the mailing list, not my inbox please)
--
David Dorward http://dorward.me.uk
Received on Tuesday, 19 April 2005 11:18:25 UTC