[thelist] PHP Session ID stopping HTML validation

john at johnallsopp.co.uk john at johnallsopp.co.uk
Fri Mar 31 04:11:59 CST 2006

> john at johnallsopp.co.uk wrote:
>> It's the fact that PHP puts its session id field straight after the
>> <form> tag that's stopping the page from validating.
> Sorry to be so dim, but "PHP puts its session id field"? Aren't _you_
> creating the form?
> Are you saying that the form is having additional markup generated by
> PHP on its own?
> Is this some additional module, or some php.ini switch, then? I use
> cookie-based session handling in PHP

Ah. Yes, PHP is adding a PHPSESSID field:

<form method='post' action='myP.php4'><input type="hidden"
name="PHPSESSID" value="386bfe3c6ad31ed526ea88c0f3a809e7" /><p><input
type='hidden' name='sub' value='1'><input type='hidden' name='uc'
value='1'><input type='image' src='images/reg.gif' name='reg'
alt='register' title='register'

I'm not sure under what circumstances PHP does this, though, so maybe
I'm missing something.

I've just read through this
<http://uk2.php.net/manual/en/ref.session.php> and I only half 'get'
it. I run session_start() at the start of my pages.

The SESSID doesn't appear to the user running a browser because that
accepts cookies. I think sticking SESSID into the form is PHP's way of
passing the session id when the browser doesn't accept cookies. I
presume the W3C validator acts like a browser that doesn't.

So, the page is valid under normal circumstances, but not when the W3C
validator checks through it. Put another way, the page probably isn't
valid in all accessibility/usability situations.


More information about the thelist mailing list