Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted October 13, 200915 yr I previously had my board 100 percent valid code... but I just upgraded to 3.0.4 and I get hundreds of errors. Most of them seem to cascade from an unescaped ampersand in session ID... eg...…e&module=global&section=login&s=128379128371' Where can I fix this?
October 13, 200915 yr Author Oh no!!!... I also just noticed that 301 redirects are going to the session ID version of the URL... for example... /forum/12345-topic-title/page__s__18f0cce8a945cc9980a542 f6209171c0
October 13, 200915 yr I believe that's a PHP function actually, called "cookieless sessions". And if it is, you're pretty much out of luck, because PHP adds the fraking things automatically, and PHP doesn't give a hoot about standards compliance.
October 13, 200915 yr Author Well I'm only seeing this after upgrading. Previously I had every topic page valid. Now I get hundreds of ampersand erros in cookie session id's... My browser doesn't display the cookeis but automates services, such as bots, validators, header checkers etc etc are seeing the sessions and the invaliud code.
October 13, 200915 yr Huzzah! Just make the following change to php.ini: And there you have it. Thanks to the W3C for the explanation and fix above.arg_separator.output = "&" If you don't want to support ugly cookieless session URLs at all, make this change: session.use_trans_sid = 0
October 13, 200915 yr Author Splendid, thanks... what are the downsides of removing session URL's altogether?
October 13, 200915 yr Actually, this isn't from PHP automatically. IPB 3 was not working properly when cookies weren't supported in the browser, which was fixed in 3.0.4. We'll have to look into why the ampersand isn't escaped, however.
October 13, 200915 yr Author Also, I just checked my php.ini file and I already have this in place. Further, session.use_trans_sid is off by default in my installation. So, I really don't know why I'm having this issue.
October 13, 200915 yr FYI, think I found why the ampersand wasn't escaped in your browsing and fixed that. We can discuss the session id itself in the bug report.
October 13, 200915 yr Author Is it template level or core level patch?... I ask because I'm trying to find it too :D
October 13, 200915 yr Author So I can just change... I just tested and now everything validates perfectly. Is this safe? Is it really as elementary as this?!!$url = preg_replace( "/s=([a-zA-Z0-9]{32})(&|&)/", '', $url ) . '&s=' . $matches[1]; to... $url = preg_replace( "/s=([a-zA-Z0-9]{32})(&|&)/", '', $url ) . '&s=' . $matches[1];
Archived
This topic is now archived and is closed to further replies.