php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #25901 session id breaks HTML spec
Submitted: 2003-10-18 12:36 UTC Modified: 2003-10-20 13:21 UTC
From: simon at mindlib dot co dot uk Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.1 OS: any
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2003-10-18 12:36 UTC] simon at mindlib dot co dot uk 
Description:
------------
A minor issue, but an important one.

When a URL is generated by PHP a session id tag is added of the form &PHPSESSID=...

In the configuration, the default character used to link tags is a straight ampersand. However, the W3C spec regarding character entities states that & should be used to avoid confusion. Since I cannot change the INI files of my ISP, this means I cannot get my pages to validate under W3C rules.

The default string used to separate tags in automatically generated URLs should be &

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-10-18 12:57 UTC] phildriscoll@php.net 
arg_separator.output in your php.ini sorts this out. 
See 
www.php.net/manual/en/configuration.directives.php
 [2003-10-19 16:39 UTC] simon at mindlib dot co dot uk 
This does not address the fault, which is with the default configuration setting. Changing the configuration is a workaround, not a fix. In this case I cannot change it as it belongs to my ISP.
 [2003-10-19 18:28 UTC] iliaa@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

arg_separator.output can be set via ini_set();
 [2003-10-20 13:21 UTC] simon at mindlib dot co dot uk 
Please have the decency to assume I am not an idiot.

Please also take a little time to read and understand what I am writing.

I am a QA professional, and this is a fault because the DEFAULT configuration does not meet the design standards for HTML laid out by W3C. Since PHP is intended to make it easy for people to meet those standards, it should make every effort to adhere to them. Default configuration should always try to be the optimal configuration.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 30 07:01:28 2024 UTC