Session ID's in form textarea fields

Anon

I've had to turn sessions off in my admin system because php kept putting ?sid=blablalba after each occurence of "file.name" in a textarea field. I need need those sessions in the urls and int he form as input hidden but not in my darn textarea!

This is a piece of my php.ini file:

; Whether to use cookies.
session.use_cookies = 0

; Name of the session (used as cookie name).
session.name = sid

I could turn use cookies on and the problem would have been solved I think but I need this setting for all my sites.

Anyways the url_rewrites tags says:

form=fakeentry

So I was also wondering what that means? The fakeentry part!!

If someone has any pointers on this problem, then please post them, thanks!

Jos Jongejan
GamingFiles.com / FilesNetwork.com

van__

The problem here is trans-sid.
It's a PHP-config var that says whether or not PHP should rewrite anything it percieves as a URL in your pages to include the ?phpsessid=blahballygoook

The quick fix is to use full URL's if you do not want the URL rewritten:

/path/to/page.php
will be rewritten as:
/path/to/page.php?phpsessid=blahballygoook

but...
http://www.mysite.com/path/to/page.php
will not be rewritten.

This is to prevent PHP from passing your users session id's to foriegn sites.

I am a bit suprised that PHP is rewritting items in a form element, that seems a bit unusual.

As far as the fake entry bit, I haven't come across that yet.

Anon

Thx Van, however, I do need the trans-sid for my other sites because I´m not gonna put sid= in all the links manually, that´s just undoable

It's also useful in my admin system however the fact that it rewrites a simple a href=file.info?1234 tag appearing in a textarea like the one we put our comments on this site in are rewritten. I could probably see if I can have php strip it agan but I´m not sure if that will work since it rewrites the tags at the very end of the process i think

anyways the fakeentry stuff is default in php.ini´s url rewriter tags