Problem with xhtml Validator at

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Trying to validate my site but I get some weird error messages. Every
link I have on the page gets added with server phpsessid when is trying to validate my page. For example:
<a href="index.php?forum=start&amp;nr=0">
    <span class="spaner">Forum</span>
is becoming:
<a href=
<span class="spaner">Forum</span></a>
There is two problems with this involuntary add of phpsessid in every
link I have on my page! One is that my page is never going to be
approved because the missing ampersand and second is that it is adding
this id and Im a bit scare that this is a security problem on my server.
I really dont know what to do about it. Could this be a bug in the
validator? I have no idea!

Im writing my webpage in DTD XHTML 1.0 Transitional.
Im not getting this problem on one off my subdomains but its written in
HTML 4.01 Transitional.
Anybody got a idea what I can do about this?

best regards

Re: Problem with xhtml Validator at

Please provide a URI.

James Pickering: /
XHTML served via content-negotiation
RSS feed via RDF/XML

Re: Problem with xhtml Validator at

* Mathias Clarstedt wrote in comp.infosystems.www.authoring.html:
Quoted text here. Click to load it

It is probably added to track the user throughout the site by the PHP
support in your web server installation. You probably don't see this in
your browser as it supports Cookies (an alternate means typically used
for the same purpose) while the Validator does not. The arg_separator
PHP configuration setting controls whether PHP uses & or some other
string like &amp; to separate parameters. It should also be possible to
deactivate this session tracking for your web site. How to do that
depends on the configuration of your web server, you should probably
contact your administrator or web hosting support on this matter.
Björn Höhrmann · ·
Weinh. Str. 22 · Telefon: +49(0)621/4309674 ·
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 ·

Re: Problem with xhtml Validator at

Mathias Clarstedt wrote:

Quoted text here. Click to load it

The validator does not accept cookies, so your PHP session handling is
falling back to query strings and hidden inputs.

Quoted text here. Click to load it

Configure PHP correctly, the authors of it won't.

Quoted text here. Click to load it

You have to balance the risk of leaking the session id with the usability of
not requiring the user to accept cookies.

If security was a real issue then you should be using SSL, and you wouldn't
need to worry about the session id being leaked - at least through the
referer, which is about the only place it can be grabbed from short of the
user copy/pasting the URL (which, if the information needed to be kept
secure, there probably wouldn't be much point in them doing).

Quoted text here. Click to load it


David Dorward       < <
                     Home is where the ~/.bashrc is

Site Timeline