I notice any pages that are session enbabled have the session id appended to all the hyperlinks and within forms as well. I have a problem with the way the server is doing this with my form. It's adding a line like:

<input type="hidden" name="PHPSESSID" value="c2f3df3839ec96cf1b2dc74d116c8ebe" />

after my <fieldset> ... </fieldset> tags and this is causing the page not to validate as xhtml strict. Is this just something I have to live with?

the SID is only appended to the querystring or in hidden formfields, when you have cookies disabled. Enable cookies and the hidden formfield will disappear.

it is a known 'bug'
http://bugs.php.net/bug.php?id=13472
that you can fix if you have acces to the php.ini

since it's standing open almost 3 years, i wouldn't hope for a quick bugfix...

Thanks Raf. That is cruddy though! :\

From what I'm reading in that link, and what I looked up in the manual (pasted below) ...

url_rewriter.tags
specifies which HTML tags are rewritten to include session id if transparent sid support is enabled. Defaults to a=href,area=href,frame=src,input=src,form=fakeentry,fieldset=
Note: If you want XHTML conformity, remove the form entry and use the <fieldset> tags around your form fields.

... this should be correctable by removing "form=fakeentry". Do I also need to remove "fieldset="? from the ini file?

don't know ... never tried it.

so i guess you'll need to experiment and tell us :D

if you use apache then you can do the following in a .htaccess file in the root:

php_value url_rewriter.tags = "a=href,area=href,frame=src,input=src,fieldset=fakeentry"
php_value arg_separator.output = '&amp;'

this will change the PHP vars to be xhtml compliant.

NB: fakeentry should be one word up there.