I have a check_session.php file that checks if the user session was started after login, which happens as follows:
There are two URLs:
https://www.website.com/control/user/
And inside it has a link that leads to another URL:
https://www.website.com/b2b/user/
At the beginning of each page you even have the code:
<?php
// Start a session only if one is not already active.
if( !session_id() ) {
    session_start();
}
header('Access-Control-Allow-Origin: https://www.website.com');
?>
The file check_session.php is the same for both environments, however when opening the link in a target="_blank", the other URL passes through the file verify.php and $_SESSION['user'] is not recognized and forwards the user out of the environment, but the source tab does not lose the session:
<?php
// No logged-in user in this session: reset the session and redirect out.
if( !isset($_SESSION['user']) ) {
    session_regenerate_id(true);
    unset($_SESSION['user']);
    session_destroy();
    session_start();
    echo "<script>window.alert('Unauthorized access [SECTION OFF]!');</script>";
    echo "<script>parent.location.href='home/';</script>";
    exit();
}
?>
Taking into account that the destination URL call is done both via tag and in jQuery .ajax();
Great regards, thank you!