I was successful in eliminating PHPSESSID from the URL, but it still gave me validation errors. It was because a hidden input element was being inserted immediately after the form element, that is, not in a fieldset, which causes XHTML invalidation. This seems to be a PHP bug itself. To work around this I added the following to my .htaccess file:
php_value url_rewriter.tags “a=href,area=href,frame=src,input=src”
What this does is it removes form and fieldset elements from getting rewritten for including sessions. But to still be able to use sessions we need to add the hidden input element with name PHPSESSID manually:
<input type=”hidden” name=”PHPSESSID” value=”<?php echo session_id();?>” />
The validation is going on fine, but I have not tested it enough. If you do get a bumpy ride, kindly ping me.
April 3rd, 2007 at 12:04 pm
A very odd thing there, cuz if you use the line in the .htaccess file that you mentioned in your earlier posts - http://ifacethoughts.net/2007/03/28/phpsessid-in-urls/ - and what I mention in the comments, you don’t need to input
php_value url_rewriter.tags “a=href,area=href,frame=src,input=srcâ€
†/>session_start()
in the beginning of the php file to be able to use sessions.
April 3rd, 2007 at 12:08 pm
ehm, some editing errors in that last comment, but it should say after the first code line:
“or
<input type=â€hidden†name=â€PHPSESSID†value=â€<?php echo session_id();?>†/>
to make it validated, I think it differs from web server to web server.
The only thing (imho) you need to have to use sessions, is to have a
session_start()in the absolute beginning of the php file using sessions.”
April 3rd, 2007 at 12:50 pm
Alexander, what I believe is the url_rewriter tells which tags to rewrite to include the session id. By specifying it explicitly, we are telling it to not rewrite for form and fieldset, as mentioned in PHP session handling functions.