dongquelu1239 2018-04-27 16:00
Accepted


I have two PHP-files.

The first: http://huntinggrounds.de/test/sessionToken.php opens a new session via session_start() and has the variable $_SESSION['token'] = "123";

By doing a fetch (ajax call) to my second file (formTest.php) I would like to return this $_SESSION['token']. But this is always not valid anymore.

I detected that I also always get a new session ID, which is definitely wrong.

If I call http://huntinggrounds.de/test/formTest.php directly in the browser, everything is correct. So the issue must be the ajax call.

Here are the sources: In start-file sessionToken.php:

    fetch(form.getAttribute("action"), {
        method: 'POST',
        headers: {
            'x-csrf-token': token,
            'Accept': 'application/json, text/plain, */*',
            'credentials': 'include'
        },
        body: data
    })

My PHP file formTest.php:

    <?php
    //session_id('joe');
    //session_start();
    $sessionStart = false;                        // stays false if a session was already active
    if (session_status() == PHP_SESSION_NONE) {   // PHP_SESSION_NONE === 1
        session_start();
        $sessionStart = "sessionNEU";
    }

    header('Access-Control-Allow-Methods: POST');
    header("X-Powered-By: joe");

    header("Access-Control-Allow-Headers: x-csrf-token, X-Requested-With");
    header("Access-Control-Expose-Headers: x-csrf-token");

    header('Access-Control-Allow-Credentials: true');
    // Browsers reject credentialed cross-origin responses when Allow-Origin is "*"
    header('Access-Control-Allow-Origin: *');
    header($_SERVER["SERVER_PROTOCOL"]." 200 Ok");
    header('Content-type: application/json');

    // Read both tokens defensively so a missing cookie or header does not raise notices
    $sessionToken = $_SESSION['token'] ?? '';
    $headerToken  = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';

    $response = array();
    $tokenNeu = generateToken(16);
    //$tokenAlt = $_SERVER['HTTP_X_CSRF_TOKEN'];
    $response["session"]["ID"] = session_id();
    $response["session"]["savePath"] = session_save_path();
    $response["session"]["startsNew"] = $sessionStart ? "yes" : "no";
    $response["session"]["hasToken"] = isset($_SESSION['token']) ? "yes" : "no";
    $response["session"]["token"] = $sessionToken;
    // Constant-time comparison; an empty session token never counts as valid
    $response["session"]["tokenValid"] = ($sessionToken !== '' && hash_equals((string)$sessionToken, (string)$headerToken)) ? "valid" : "invalid";
    $response["session"]["tokenCSFR"] = $headerToken;
    $response["session"]["tokenNew"] = $tokenNeu;
    echo json_encode($response); // ...

Any idea what forces testForm.php to give a new session ID?

(When I set in both files session_id('joe'); it works like a charm)

Please do not comment that the session_start(); has to be in the first line. This is tested and fails.

I'm on PHP 7.


1 answer

  • dongquanjie9328 2018-04-27 16:10

    You need to put credentials inside options not in headers, see: http://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch

    fetch(form.getAttribute("action"), {
            method: 'POST',
            headers: {
                'x-csrf-token': token,
                'Accept': 'application/json, text/plain, */*'
            },
            'credentials': 'include',
            body: data      
     })
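
Added example, not part of the original question or answer: it builds the `Request` object for both call shapes and shows that `credentials` placed under `headers` only becomes an HTTP header named `credentials`, while the request's credentials mode stays at its default. The URL, token value, form field and the helper name `inspectFetchInit` are constructed for illustration; it assumes a runtime with a global `Request` (a browser or Node 18+).

```javascript
// Fetch init options that are easy to misplace inside `headers`.
const FETCH_OPTIONS = ['credentials', 'mode', 'cache', 'redirect',
                       'referrer', 'referrerPolicy', 'integrity', 'keepalive'];

// Build the Request that fetch() would send and report how it was interpreted.
function inspectFetchInit(url, init) {
  const req = new Request(url, init);
  return {
    // The mode that decides whether cookies (e.g. PHPSESSID) accompany the request.
    credentialsMode: req.credentials,
    // Option names that ended up as plain HTTP headers instead of options.
    misplaced: FETCH_OPTIONS.filter((name) => req.headers.has(name)),
    csrfHeader: req.headers.get('x-csrf-token'),
  };
}

const url = 'https://app.example/test/formTest.php'; // constructed URL
const token = '123';                                  // constructed token value
const makeBody = () => new URLSearchParams({ field: 'value' });

// Shape from the question: `credentials` is just another header.
const asPosted = inspectFetchInit(url, {
  method: 'POST',
  headers: {
    'x-csrf-token': token,
    'Accept': 'application/json, text/plain, */*',
    'credentials': 'include',
  },
  body: makeBody(),
});

// Shape from the answer: `credentials` is a fetch option.
const corrected = inspectFetchInit(url, {
  method: 'POST',
  headers: {
    'x-csrf-token': token,
    'Accept': 'application/json, text/plain, */*',
  },
  credentials: 'include',
  body: makeBody(),
});

console.log('as posted:', asPosted);
console.log('corrected:', corrected);
```

A server that receives no session cookie has nothing to resume, so `session_start()` issues a fresh session ID and the stored token is absent, even though the `x-csrf-token` header arrives in both cases.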
    
