[thelist] PHP puts sessid and stops W3C validation

David Dorward evolt at david.us-lot.org
Sun Apr 25 03:46:32 CDT 2004 

On Sun, 25 Apr 2004 04:04:51 -0400 (EDT), <john at johnallsopp.co.uk> wrote:
> and I'm trying to get the 4.01 strict page through the W3C HTML validator
> When the page is served, the PHP server adds a PHPSESSID like so:
> <div class="secondColThird"><form action="abc.php4" method="post"><input
> type="hidden" name="PHPSESSID" value="786a55eec739cdf482d7c9cebf61327a"
> />

This is becuase the validator does not accept cookies, so it has to store  
session data using another technique.

> The problem is, I'm getting a "Line 30, column 152: document type does  
> not allow element "INPUT" here

> It's already within a <div> tag, so what's it's problem anyway?

The content model of the <form> element is similar to that of the <body>  
element, in Strict it can not have child elements which are inline content.

The simpliest solution is to work with the DTD that the internal HTML  
generating functions of PHP are geared towards - XHTML 1.0 Transitional.

I would suggest you take a read of http://uk.php.net/session, but note  
that it shows some notiable lack of understanding about what XHTML is and  
isn't very helpful.

        url_rewriter.tags specifies which HTML tags are rewritten to
        include session id if transparent sid support is enabled.
        Defaults to  
a=href,area=href,frame=src,input=src,form=fakeentry,fieldset=

        Note: If you want XHTML conformity, remove the form entry and use  
the
        <fieldset> tags around your form fields.

The first bit of pure rubbish in this is the bit about XHTML conformity -  
the default settings conform to XHTML 1.0 Transitional. If they mean XHTML  
1.0 Strict conformity, then removing the "form=fakeentry" section does  
solve that, but the bit about <fieldset> tags is only half right - you can  
use any block level element in there. You are using paragraphs at the  
moment (Although I wouldn't consider a submit button consisting of a  
single word to be 'a paragraph').

Unfortunatly, having just tested this, that fails to insert the session id  
into the form at all. Changing it to fieldset=fakeentry doesn't help  
either.

So I'm yet to find any technique that allows you to use PHP sessions and  
conform to any standard other then XHTML 1.0 Transitional. (You could  
validate against the HTML 4.01 Strict DTD, but this would be depending on  
browsers error correcting <input ... /> to mean <input ...> instead of  
<input ...>> (doubt gr intentional).

-- 
David Dorward       <http://blog.dorward.me.uk/>   <http://dorward.me.uk/>

More information about the thelist mailing list