W3C strict validation and session_start() input hidden issue - not passing
Couple of days ago, I’ve finished building a new website of mine for Design to XHTML service. One of the things needed for a such a project is having the page(s) passed W3C Strict Validation.
Everything was cool except for the phantom hidden input field that was holding PHPSESSID value. The problematic input field was positioned right after the <form> tag, and you can’t have that if you want to pass W3C strict. You have to enclose that field with a <p> or a <div>.
I’ve installed a JQuery SWFUpload for easy & user friendly upload experience, so I thought that script might be the one causing trouble. I’ve spent an hour running through lines and lines of code and couldn’t find nothing relating to my problem.
Since that was the only exotic part of code I was inserting, I turned over to session_start() as my primary suspect. I’ve stripped everything from the page, left only the form and the session_start() function call. Uploaded, W3C verified and that was it! For some reason session_start() invoked another hidden field in my form that didn’t render in my Firefox or Safari, but only in W3C. Knowing that, the only solution was simple:
if(!strstr(”$HTTP_USER_AGENT”, “Validator”)) {
session_start();
}
All I can say is I hope this saves somebody an hour of his life.
Technorati Tags: w3c, strict, validation, session_start, input, hidden, not passing
July 2nd, 2008 at 4:05 am
Dude, seriously? That’s a stupid trick. The only thing that session_start() will do - from the client’s point of view - is to send cookies back in the header. It doesn’t randomly add fields or any content to your pages.
When are you running session_start()? It needs to be very early on in the script, before any output is sent (that is, unless you are using ob_*).
The page that is generated to your clients should be exactly the same as what is generated for the Validator, otherwise you are just validating a special case.
Next time, try running the Validator with at least the “Show Source” and “Verbose Output” options. Oh, and install the “web developer” and “firebug” Firefox extensions, and learn how to use the “View Source” feature.
July 3rd, 2008 at 7:44 am
Well, I had to illustrate this, I knew it!
Here are the two test pages:
ERROR PAGE: http://www.imventurer.com/testarea/sessions_test.php
OK PAGE: http://www.imventurer.com/testarea/sessions_test_ok.php
and two W3C validation results:
ERROR PAGE
OK PAGE
Like I said, the only difference is that the first page calls session_start and the other doesn’t.
Try it yourself, make two pages and validate
August 2nd, 2008 at 4:03 am
I can’t help myself–I am forced to complain about your terrible, ugly hack. Sorry.
If the page is invalid, then faking it just for the W3C validator does not make it valid. The W3C validator is not the final word on validity!
If you ever actually use the correct XHTML content type (application/xhtml+xml), hence causing modern browsers to render in actual standards mode, it will break. With a full-page error message. And no content.
I don’t use PHP, but glancing over the manual suggests that changing url_rewriter.tags may be a better solution.