[WSG] auto generated PHP sessions identifier causes valodation errors

2004-07-03 Thread Andrey V. Stefanenko 

Dear Sirs,

please any help with

http://validator.w3.org/check?uri=http%3A//www.idealcouple.com/test/

I  am not able to confignure auto generated PHP output
dta href=./profile/?pid=1025PHPSESSID=6a2db2de31fb7e15728cc68dd01899c4
and not able to avoid ampersands in URL
Should I and how i can setup my PHP?

But i can avoid links - change them with forms and buttons. Is this the BEST 
solution  for this trouble?


Many Thanks

Andrey 
http://development.it.net.ua/
mailto: [EMAIL PROTECTED]
*
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list  getting help
*

Re: [WSG] auto generated PHP sessions identifier causes valodation errors

2004-07-03 Thread Jeremy Keith 
Andrey V.Stefanenko wrote:
I  am not able to confignure auto generated PHP output
dta 
href=./profile/?pid=1025PHPSESSID=6a2db2de31fb7e15728cc68dd01899c4
and not able to avoid ampersands in URL
Should I and how i can setup my PHP?
I'd like to know if there's a solution to this as well. It's the one 
thing that stops some of my sites from validating:
http://validator.w3.org/check?uri=http://www.thesession.org/index.php

But i can avoid links - change them with forms and buttons. Is this 
the BEST
solution  for this trouble?
That might just create a different problem. PHP will insert a hidden 
input field:
input type=hidden name=PHPSESSID 
value=6a2db2de31fb7e15728cc68dd01899c4 /
But it won't wrap that tag in a block level element so there'll still 
be validation issues.

Any PHP gurus out there know if there's a way of customising how PHP 
passes the session id?

--
Jeremy Keith
a d a c t i o
http://adactio.com
*
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list  getting help
*

Re: [WSG] auto generated PHP sessions identifier causes valodation errors

2004-07-03 Thread Anders Nawroth 
Andrey V. Stefanenko wrote:
I  am not able to confignure auto generated PHP output
dta href=./profile/?pid=1025PHPSESSID=6a2db2de31fb7e15728cc68dd01899c4
and not able to avoid ampersands in URL
Should I and how i can setup my PHP?
 

In your .htaccess file:
php_value arg_separator.output amp;
or in Php:
ini_set('arg_separator.output','amp;');
But i can avoid links - change them with forms and buttons. Is this the BEST 
solution  for this trouble?
 

I don't think so. Php will mess up your forms even worse.
You could also avoid using session id's in links, using only cookies.
php_value session.use_trans_sid 0
php_value session.use_only_cookies 1
/AndersN
*
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list  getting help
*

Re: [WSG] auto generated PHP sessions identifier causes valodation errors

2004-07-03 Thread Toni Viemero 
Andrey V. Stefanenko wrote:

 I  am not able to confignure auto generated PHP output
 dta href=./profile/?pid=1025PHPSESSID=6a2db2de31fb7e15728cc68dd01899c4
 and not able to avoid ampersands in URL
 Should I and how i can setup my PHP?

You need to set arg_separator.output to amp; instead of 
That can be modified in couple of places:

Globally in php.ini
   arg_separator.output = amp;
or locally in .htaccess
   php_value arg_separator.output amp;
or locally in PHP script:
   ini_set('arg_separator.output', 'amp;');

-- 
Toni Viemerö  |  http://selfdestruct.net
The ones who dont do anything are always the ones who try to pull you
 down.
*
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list  getting help
*

Re: [WSG] auto generated PHP sessions identifier causes valodation errors

2004-07-03 Thread Mordechai Peller 
Anders Nawroth wrote:
You could also avoid using session id's in links, using only cookies.
php_value session.use_trans_sid 0
php_value session.use_only_cookies 1
This also takes care of the security issue (not a 100% fix, but it 
helps) of having the ID in the address window and in the links. Another 
option is to allow the URI changes for browsers with cookies off, but to 
sniff out and exclude that option for bots and validators.

Bottom line: we live in an imperfect world.
*
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list  getting help
*