dsfphczao23473056 2015-06-23 21:30 采纳率: 100%
浏览 40
已采纳

PHP会话不是用AJAX持久化的

I'm working on making a website (developing locally) that requires a login for users; I've used php-login.net framework as my starting point and have my code talking to MySQL and creating sessions just fine.

I've gone through most every SO question regarding php sessions and ajax; but I still can't get my code to work how I want.

Now, I'm using ajax to call some other php scripts after the user successfully logs in, however it's not working properly. In firefox, with all the cookies, history, etc cleared, it looks like the session variables aren't maintained with the ajax call. However, if I log-out and then log back in, the session variables seem to be passed properly across ajax.

For example:

In my logged_in.php script, I'm using ajax to call another script: view_samples.php.

logged_in.php

<script type="text/javascript" src="/js/loggedInButtons.js" > </script> <!-- all our ajax calls are here -->

<?php

    // debug some variables
    print_r($_SESSION);
    echo "<br>" . session_id() . "<br>";

    // if logged in
    if ($_SESSION['logged'] == 1) { 
    ?>
        <button class='btn btn-primary' id="view_samples"> View samples</button> <!-- calls view_samples.php -->
        <div id="ajaxResult"></div> <!-- results of ajax calls go here -->
    <?php
    } 

?>

loggedInButtons.js

$(document).ready(function(){
    $("#view_samples").click(function(){
        $.ajax({
            url: "view_samples.php",
            cache: false,
            success: function(result){
                $("#ajaxResult").html(result);
            }
        });
    });
}

view_samples.php

<?php
    session_start():

    // debug session
    print_r($_SESSION);
    echo "<br>" . session_id() . "<br>";

    if ($_SESSION['logged'] == 1) {
      // do something because we are properly logged in
    } else {
      echo "not logged in!";
    }

?>

When I log in with a browser that hasn't logged in before, I see it sets a session ID X; however when the button is pressed and the ajax call is made, I see a new session ID Y. I then log-out and log back in and see that my session ID is Y (before ajax) and that my session ID is Y when I click the button (after ajax).

I've also noticed that if I keep logging-in & out without pressing the view samples button, a new session id generated each time. However, as soon as I press the button, a whole new session id is created which seems to always be the one that is set if I log-out and then back in.

What am I missing? What's the proper way to go about ensuring the first session that is created is maintained throughout ajax calls? Should I POST the session id to the called script?

  • 写回答

1条回答 默认 最新

  • dongsuishou8039 2015-06-24 13:20
    关注

    This is how I solved things (as Freaktor's comment above didn't resolve the issue) - I'm manually passing the session ID through AJAX and then setting it in the new PHP script. I'm wondering if anyone could comment on the security of this (as I'm not entirely sure how this all works)?

    This and this post were helpful.

    logged_in.php

    <script>var session_id = '<?php echo session_id();?>';</script> <!-- store our session ID so that we can pass it through ajax -->
<script type="text/javascript" src="/js/loggedInButtons.js" > </script> <!-- all our ajax calls are here -->

<?php

    // debug some variables
    echo "<br>" . session_id() . "<br>";

    // if logged in
    if ($_SESSION['logged'] == 1) { 
    ?>
        <button class='btn btn-primary' id="view_samples"> View samples</button> <!-- calls view_samples.php -->
        <div id="ajaxResult"></div> <!-- results of ajax calls go here -->
    <?php
    } 

?>

    loggedInButton.js

    var data = {func:'getData1',session_id:session_id}; // manually send the session ID through ajax
$(document).ready(function(){
    $("#view_samples").click(function(){
        $.ajax({
            type: "POST",
            data: data,
            url: "view_samples.php",
            success: function(result){
                $("#ajaxResult").html(result);
            }
        });
    });
}

    view_samples.php

    <?php
    session_id($_POST['session_id']); // get the session ID sent by AJAX and set it
    session_start():

    // debug session
    print_r($_SESSION);
    echo "<br>" . session_id() . "<br>";

    if ($_SESSION['logged'] == 1) {
      // do something because we are properly logged in
    } else {
      echo "not logged in!";
    }

?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 关于大棚监测的pcb板设计
  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器
  • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
  • ¥15 Vue3地图和异步函数使用
  • ¥15 C++ yoloV5改写遇到的问题
  • ¥20 win11修改中文用户名路径
  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入