Stopping the session ID from being appended in PHP


I have installed a simple guestbook script (Xeobook) on my website. It uses sessions to keep track of whether the admin is logged in or not. Now, the guestbook page won’t validate since PHP adds a session id to every link on the page, sometimes inserting an unencoded ampersand, and it also puts a hidden field into the form.

I tried turning this off by inserting these lines at the top of the script:

ini_set (‘session.use_only_cookies’, true);
ini_set (‘session.use_trans_sid’, false);

It still inserts the ID and field, though :frowning: Any ideas what I might be doing wrong? Thanks!

PS: Same thing happens with another script that uses sessions, so I don’t think it’s an issue specific to the guestbook.

ini_set(‘arg_separator.output’,’&’) ;

If you set this, then your page will validate. It changes the ? in the URL to &, which is valid.

Thank you! Unfortunately, it still doesn’t validate completely since the hidden field is still being inserted into the form. Is there any reason why “session.use_only_cookies’” won’t work? :frowning: