[TYPO3-dev] enableContentLengthHeader and PHP-Session
Dmitry Dulepov
dmitry at typo3.org
Tue Dec 2 16:07:04 CET 2008
Hi!
Christian Welzel wrote:
> is there a known way to detect, if PHP will rewrite all links in a website
> to contain the PHPSESSIONID value? In this case, TYPO3 should disable the
> sending of the content length header even if enableContentLengthHeader is
> set to true.
>
> Why that? Today i was using the w3c validator for a page and noticed, that
> it complained about errors of not correctly closed tags. But in my browser
> all was ok. After digging around for a while, i found that php rewrote some
> of the links to include the session id and this way the document got longer
> than the value TYPO3 sended in the content length header. The validator cut
> off the rest of bytes of the document.
Generally you will never want to have PHP session identifiers in links. Firsts, it is rare but possible session stealing. Secondly, such links look ugly. Thirdly, do you really want such links be visible in Google?
You can always adjust your PHP configuration. Set "session.use_only_cookies" to 1 in php.ini or .htaccess. It is even set by default, I do not understand who and for what reason will want to change it.
--
Dmitry Dulepov
TYPO3 core team
In the blog: http://typo3bloke.net/post-details/how_to_enable_memcached_cache_in_typo3_43/
My TYPO3 book: http://www.packtpub.com/typo3-extension-development/book
More information about the TYPO3-dev
mailing list