helloxielan 2018-03-27 14:01 采纳率: 0%
浏览 40

Ajax重置PHP会话

I know this question has been asked before so I apologize ahead of time, but I have gone over his solution multiple times and it does not fix the session reset in my case.

I have a simple php page that outputs a session id for debugging. Like this:

<?php
session_start();
echo session_id();
?>

Then I have a simple HTML page with jQuery that performs an ajax request on that page and logs the output.

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
    <script>
      $.post('http://localhost.api.mydomain/sid', {
        some: 'data'
      }, function(data,status) {
        console.log(data);
      });
    </script>
  </head>
  <body>
    Check your console.
  </body>
</html>

If I manually visit the url http://localhost.api.mydomain/sid the output never changes, the session_id() stays constant, as expected. However, if I refresh the ajax page, the outputted session_id() changes with every refresh.

I've tried setting session.cookie_domain in the php.ini file but to no avail. I apologize for this issue, but I simply cannot find a solution.

  • 写回答

2条回答 默认 最新

  • weixin_33730836 2018-03-27 14:55
    关注

    The reason is because the ajax request does not send the session id along with the request. That causes session_start to generate a new one.

    Possible reason that could make the browser not send the session cookie during the ajax request is discrepancy in domain name.

    instead of setting session.cookie_domain on the ini file, set it as follows at runtime

    session_set_cookie_params(33600, '/', 'localhost.api.mydomain', FALSE, TRUE);
session_start();

    To help you debug this, go to network tab on the developers tools in chrome. reload the page and check the request headers and response headers. check the host to which jquery sends the request. it may be sending the request to just localhost. and you may have configured your site to accept both localhost and localhost.api.mydomain.

    to do more check, in your file, do something like

    session_set_cookie_params(33600, '/', 'localhost.api.mydomain', FALSE, TRUE);
session_start();
die($_SERVER['HTTP_HOST']);

    this will let you compare the request url used by jquery during the ajax request.

    评论
  • weixin_33749131 2018-03-31 23:34
    关注

    This is an Access-Control issue, not an ajax issue.

    When you visit the url from your browser directly, you are requesting a (session) cookie from the domain you are visiting. When you are using ajax, in this case, you are requesting a cookie from a domain that is not the domain you are visiting.

    On your php API file at api.example.com, try this.

    header('Access-Control-Allow-Origin: example.com');
header('Access-Control-Allow-Credentials: true');

    Then on your ajax request file, use the xhrFields parameter like so.

      $.ajax({
    url: 'https://api.example.com',
    xhrFields: { withCredentials: true },
    success: function(data) {
      console.log(data)
    }
  });

    Now as long as you are calling the request from the origin example.com, cookies will behave as expected.

    评论

报告相同问题?

悬赏问题

  • ¥15 关于#git#的问题,请各位专家解答!(相关搜索:开源项目)
  • ¥15 matlab处理脑电数据悬赏(时序图+预处理+频谱图)
  • ¥100 r语言多元回归模型怎么看表达式
  • ¥15 PMM 9010/30P
  • ¥15 pom文件依赖管理,未找到依赖
  • ¥15 现在后端返回给我一堆下载地址,都是一个视频切片后的,如何在uniapp安卓环境下将这些分片的视频下周并且合并成原始视频并下载到本地。
  • ¥15 Unity导出2D项目运行时图片变成马赛克
  • ¥15 关于communitytoolkit.mvvm的生成器得到的代码看起来没有被使用的问题
  • ¥15 matlab中此类型的变量不支持使用点进行索引
  • ¥15 咨询第六届工业互联网数据创新大赛原始数据