Click here to get back home

Problem with xhtml Validator at http://validator.w3.org/
 HomeNewsGroups | Search | About
Login Password
Register Now!
 comp.infosystems.www.authoring.html    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Problem with xhtml Validator at http://validator.w3.org/ Mathias Clarstedt 07-27-2005
Get Chitika Premium
Posted by Mathias Clarstedt on July 27, 2005, 5:06 am
Please log in for more thread options

Trying to validate my site but I get some weird error messages. Every
link I have on the page gets added with server phpsessid when
http://validator.w3.org/ is trying to validate my page. For example:
<a href="index.php?forum=start&amp;nr=0">
        <span class="spaner">Forum</span>
</a>
is becoming:
<a href=
"index.php?forum=start&amp;nr=0&PHPSESSID=5ef3539efb86412443290278ac10bff">
<span class="spaner">Forum</span></a>
There is two problems with this involuntary add of phpsessid in every
link I have on my page! One is that my page is never going to be
approved because the missing ampersand and second is that it is adding
this id and Im a bit scare that this is a security problem on my server.
I really dont know what to do about it. Could this be a bug in the
validator? I have no idea!

Im writing my webpage in DTD XHTML 1.0 Transitional.
Im not getting this problem on one off my subdomains but its written in
HTML 4.01 Transitional.
Anybody got a idea what I can do about this?

best regards
Mathias

Posted by James Pickering on July 26, 2005, 9:18 pm
Please log in for more thread options

Please provide a URI.

James Pickering: http://www.jp29.org/
XHTML served via content-negotiation
RSS feed via RDF/XML


Posted by Bjoern Hoehrmann on July 27, 2005, 6:20 am
Please log in for more thread options


* Mathias Clarstedt wrote in comp.infosystems.www.authoring.html:
>There is two problems with this involuntary add of phpsessid in every
>link I have on my page! One is that my page is never going to be
>approved because the missing ampersand and second is that it is adding
>this id and Im a bit scare that this is a security problem on my server.

It is probably added to track the user throughout the site by the PHP
support in your web server installation. You probably don't see this in
your browser as it supports Cookies (an alternate means typically used
for the same purpose) while the Validator does not. The arg_separator
PHP configuration setting controls whether PHP uses & or some other
string like &amp; to separate parameters. It should also be possible to
deactivate this session tracking for your web site. How to do that
depends on the configuration of your web server, you should probably
contact your administrator or web hosting support on this matter.
--
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

Posted by David Dorward on July 27, 2005, 7:59 am
Please log in for more thread options


Mathias Clarstedt wrote:

> Trying to validate my site but I get some weird error messages. Every
> link I have on the page gets added with server phpsessid when
> http://validator.w3.org/ is trying to validate my page.

The validator does not accept cookies, so your PHP session handling is
falling back to query strings and hidden inputs.

> There is two problems with this involuntary add of phpsessid in every
> link I have on my page! One is that my page is never going to be
> approved because the missing ampersand

Configure PHP correctly, the authors of it won't.
http://www.w3.org/QA/2005/04/php-session

> and second is that it is adding
> this id and Im a bit scare that this is a security problem on my server.

You have to balance the risk of leaking the session id with the usability of
not requiring the user to accept cookies.

If security was a real issue then you should be using SSL, and you wouldn't
need to worry about the session id being leaked - at least through the
referer, which is about the only place it can be grabbed from short of the
user copy/pasting the URL (which, if the information needed to be kept
secure, there probably wouldn't be much point in them doing).

> I really dont know what to do about it. Could this be a bug in the
> validator?

No.

--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is

Similar ThreadsPosted
http://validator.w3.org/ -bug? March 4, 2005, 3:00 pm
w3.org validator problem September 30, 2004, 5:20 am
problem with the w3.org validator October 5, 2004, 7:17 am
Validator problem February 5, 2005, 10:12 pm
Validator Problem May 9, 2006, 11:17 pm
why doesn't W3 validator recognize my doc as XHTML? September 15, 2005, 7:32 am
error(?) "302 Found" on Validator XHTML W3C August 5, 2005, 6:19 am
XHTML Validator choking on something that is not in my page August 6, 2005, 2:44 pm
XHTML 1.0 Validator: No attributes, elements not defined... August 11, 2004, 3:21 am
target or onclick with XHTML 1.1 & Validator XHTML2 October 7, 2004, 1:41 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap