由于PHPSESSID，PHP网站无法通过W3C进行验证

Question

My site isn't validating due to PHPSESSID being seen in the source code, however, this wasn't happening just a few days ago and I've not done anything to cause this, as far as I am aware. My host also denies any knowledge of changing anything.

The PHPSESSID isn't visible when I view the source of the pages myself, so it seems to be something to do with the interaction between my site and the validator. Any ideas how I can resolve it, I have trawled the internet and tried various settings on the server but to no avail.

I know that PHPSESSID is used when cookies are blocked, has the validator changed somehow?

I realise there are other validation issues on there as well but I know how to fix those and will be doing so over the coming days.

Thanks for any advice.

The site is http://www.fantasy-f1-league.com/info.php (that's a PHP info page, the site is without the file name at the end)

Answer 1

It's the session.use_trans_sid option, which tells PHP to persist the session ID via non-cookie means. That means PHP will be parseing your page, looking for ANY links and forms, and adding the session ID as a query parameter and/or hidden form field.

trans_sid is a nasty security risk if you're doing anything "important",b ecause it DOES transmit the session ID around in URLs, means it's utterly trivial to hijack someone's session, and the session ID will also leak out to other sites in HTTP REFERERS and whatnot.

Answer 2

It does not validate because in the links & should be replaced with & .

Also ..

• who the hell uses HTML4.01 transitional in this day an age ?!
• move your JS code to an external file(s), which you include before </body>
• LANGUAGE="JavaScript" has not place in <script>
• class names should describe what the tag contains , and not where it is and how it looks like
• <center> tag is deprecated