W3C home > Mailing lists > Public > www-validator@w3.org > April 2005

Re: suggestion concerning PHP sessions

From: David Dorward <david@dorward.me.uk>
Date: Tue, 19 Apr 2005 12:18:22 +0100
To: mathieu.maes@ing.be
Cc: www-validator@w3.org
Message-ID: <20050419111822.GB20485@us-lot.org>

On Tue, Apr 19, 2005 at 11:28:23AM +0200, mathieu.maes@ing.be wrote:
>    The problem is that I don't control the "&PHPSESSID=" part of the URL. PHP
>    adds this automatically when you use sessions.

The PHP manual does tell you how to fix this, why it doesn't have the
correct behaviour as the default I don't know. Take a look at
http://php.net/session and search for "XHTML conformance". The fix
applies equally to HTML.
>    Add this line in the PHP script before session_start() :
>     ini_set('session.name',";ampPHPSESSID");

I think you intended to put the semi-colon after the "amp".

I rather suspect that you will find this break sessions for users
without cookies. Their browser will link to "&PHPSESSID" and then the
session handling code will look for "amp;PHPSESSID". You can test this
easily enough by turning cookies off.

>    Maybe you could add this information on the W3C website in the part
>    "Ampersands in URLs" ?

This issue does come up a lot, so its probably worth writing a proper
explanation and describing the fixes. I might do that this
evening. The error message text could then be modified to include
something along the lines of: If you are using PHP sessions then you
may wish to read <a ...>rogue ampersands in PHP scripts</a>.

(Responses to the mailing list, not my inbox please)

David Dorward                                      http://dorward.me.uk
Received on Tuesday, 19 April 2005 11:18:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 14:17:45 UTC