I am currently using the CORS method (rewriting my external requests from example.com/api?param=args to example.com/api/public/api.php?param=args) and sending the GET request like so:

    $.get('http://www.example.com/api', { param: "args" })
        .done(function (data) {
            alert(data);
        });
This works absolutely fine and I can now make cross-domain requests to my API software and get responses from it.
I am now wondering: I set up a test request to try to achieve a session.
    session_start();
    if(isset($_GET['store'])):
        $_SESSION['key'] = $_GET['store'];
    elseif(isset($_GET['show'])):
        echo $_SESSION['key'];
    endif;
When I go to the link directly in my browser, this works fine; however, when I send a request from the external domain, the second request seems to "forget" the session key I stored.
Code:
    $.get('http://www.example.com/api', { store: "test" })
        .done(function () {
            $.get('http://www.example.com/api', { show: "args" })
                .done(function (data) {
                    alert(data);
                });
        });
Data is undefined
Is there a way I can make the server that is sending the requests actually "save" or "remember" the session on the API server, or is there a way I can achieve this by using a workaround?
Note that the API will be used by multiple people - like a plugin - and each key will actually be added once they send a Register param as a request with the admin details of their account, so I need some sort of authentication for using the API and cannot actually think of a way around not using sessions, or of getting it to work using sessions.
Please note also, if I am using sessions (as you can see, like that), it creates a CSRF attack. Is there a workaround for this also?
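
Added example, not part of the original question: a simplified model of the store/show sequence above, showing that the session cookie only survives between cross-origin requests when the request is credentialed and the server answers with an exact `Access-Control-Allow-Origin` plus `Access-Control-Allow-Credentials: true`. The origin allowlist, the function names and the origins are hypothetical, and the counter-based session ids stand in for what `session_start()` does.

```javascript
// Simulation of the question's two requests. Names and origins are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://client-site.example']);
const sessions = new Map(); // stand-in for PHP's server-side $_SESSION store
let nextId = 1;             // simulation only; session_start() issues random ids

// Server: headers a browser requires before it accepts a cookie-bearing response.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin, // exact origin; '*' fails with credentials
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Server: the store/show endpoint, refusing origins that are not on the allowlist
// (the browser still sends such requests, so the check has to happen here).
function api(origin, cookie, params) {
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: {}, body: '' };
  const sid = cookie && sessions.has(cookie) ? cookie : String(nextId++);
  if (!sessions.has(sid)) sessions.set(sid, {});
  const data = sessions.get(sid);
  if ('store' in params) data.key = params.store;
  const body = 'show' in params ? (data.key ?? '') : '';
  return { status: 200, headers: corsHeaders(origin), setCookie: sid, body };
}

// Browser: cookies are sent and stored only on credentialed requests, and the
// response is readable only if the CORS headers match the requesting page.
function browserGet(jar, pageOrigin, withCredentials, params) {
  const res = api(pageOrigin, withCredentials ? jar.sid : undefined, params);
  if (withCredentials && res.setCookie) jar.sid = res.setCookie;
  const h = res.headers;
  const ok = h['Access-Control-Allow-Origin'] === pageOrigin &&
    (!withCredentials || h['Access-Control-Allow-Credentials'] === 'true');
  return ok ? res.body : null; // null: script gets no access to the response
}

// The question's sequence: store a value, then ask for it back.
function storeThenShow(pageOrigin, withCredentials) {
  const jar = {};
  browserGet(jar, pageOrigin, withCredentials, { store: 'test' });
  return browserGet(jar, pageOrigin, withCredentials, { show: 'args' });
}
```

With jQuery the credentialed request is made by passing `xhrFields: { withCredentials: true }` to `$.ajax`. Current browsers also require the session cookie to be set with `SameSite=None; Secure` before they send it on cross-site requests.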