Valid XHTML & the Session Problem

I want my page to be Valid XHTML . and it ist valid, but:
When i want to validate my page with the w3c validator for each link in the page menu it gives me back an error:

Error Line 17 column 24: general entity "jhx_sid" not defined and no default entity.
<a href="index.php?id=1&jhx_sid=1d82f901638434586f0cec45e77ffdff">Home</a>
This is usually a cascading error caused by a an undefined entity reference or use of an unencoded ampersand (&) in an URL or body text. See the previous message for further details.

This error does not occur if i remove the line with " startCMSSession(); " from the index.php.
can anybody help me? (and if i remove startCMSSession(); i cant use Quickedit)
i really like to use modx for my site but this is the only point that holds me back.
thanks . great cms.

Try replacing the ampersand with it’s HTML entity:

Quote from: rthrash at Nov 01, 2005, 02:22 PM

Try replacing the ampersand with it’s HTML entity: &amp;

that won’t work because i did not set the links with the session id at the end. it must be generated by modx. when i browse to http://www.textmo.de/jhx/index.php the links in the menu are okay. but when i send http://www.textmo.de/jhx/index.php to the w3c validator the links in the menu ends with this session id. ...

I think it’s php that’s add the &jhx_sid. See the following php ini settings:

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser’s history or bookmarks.
session.use_trans_sid = 0

; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="

I found the solution..
My Host Provider didnt let me set the PHP.INI vars, so session.allow_only_cookies is set to "0" .
If the w3c Validator now checks the page and the validator doesnt accept cookies, the Session id is attached to the URL automatically.

Now i did the following in the index.php of ModX:



now the session is only started if the Browser supports cookies...

I might have something to fuel the debate :

The webdesign group’s Ampersands (&’s) in URLs

And more interresting for our dear dev team : Ampersands, PHP Sessions and Valid HTML

Three solutions are presented :

Quote from: W3C-QA

Editing php.ini

The php.ini file contains the central configuration data for an install of PHP on a computer. You can specify a character reference to use there.

arg_separator.output = "&amp;"

Apache directives

The Apache web server can set PHP scripts in all the usual places. This allows different directives to be set on a per site or per directory basis (in, for example, a <location> block or .htaccess file).

php_value arg_separator.output &amp;

Per script basis

PHP configuration directives can be set on a per script basis with the ini_set function. Put the code to set the directives at the top of your script.

<?php ini_set(’arg_separator.output’,’&amp;’); ?>

Does it help ?
;D

But of course, all of this helps!

I’m opening a ticket in Flyspray to research the issue of all character entity references and find the best approach to providing valid output, at least when the parser is requested to do so. Perhaps a plugin could be used to address this based on the presence of the XML headers, though we might need to address it in the core.

Cheers...

BTW, great solution cryx666; I’ll make sure this session related fix gets into the core.