[thelist] setting sessions inserts invalid code - pourquoi?

Rich Gray rich at f1central.net
Thu Feb 6 07:30:18 CST 2003


Here's an interesting thing I've not seen before.

I am using a session variable on one of my pages to keep track of the
refering
url.

This means that when someone submits a form on that page, and it reloads,
their initial refer is still in place and so the "< < Go back" link works.

All is good.

However, when I come to validate my page I find that the bloomin session
thing
has inserted hidden form fields into all my forms and invalidates the page.

For example, the hidden input below named "PHPSESSID" has been added in by
the
server (I guess that's what does it):


44: <div>
45: <form action="search.php" method="get" id="searchform"><input
type="hidden" name="PHPSESSID" value="578900f8512e982c933554c0ad8ec048" />
46: <div style="text-align: right;">
47: <input accesskey="s" type="text" size="40" id="searchterms"
name="searchterms" /> <input type="submit" value="search links" />
48: </div>
49: </form>
50: </div>


And as there's not way to enclose that in a block level element my pages
don't
validate.

What's up with that? Any solutions or comments out there?

Thanks - dunstan
-----------------

Hi Dunstan

If you have enabled session.use_trans_sid in your php.ini then when the user
loads the first page of your site php doesn't know whether the browser
accepts cookies or not so it will append the PHPSESSID stuff. Once it has
worked out that the browser is accepting cookies then on subsequent pages it
shouldn't use PHPSESSID anymore. Disable cookies in your browser and you'll
see PHPSESSID is tacked on always...

You can disable session.use_trans_id but this will mean your scripts cannot
rely on session support as the browser may be refusing cookies.

HTH
Cheers
Rich




More information about the thelist mailing list