dsfphczao23473056 2015-06-23 21:30 采纳率: 100%
浏览 40
已采纳

PHP会话不是用AJAX持久化的

I'm working on making a website (developing locally) that requires a login for users; I've used php-login.net framework as my starting point and have my code talking to MySQL and creating sessions just fine.

I've gone through most every SO question regarding php sessions and ajax; but I still can't get my code to work how I want.

Now, I'm using ajax to call some other php scripts after the user successfully logs in, however it's not working properly. In firefox, with all the cookies, history, etc cleared, it looks like the session variables aren't maintained with the ajax call. However, if I log-out and then log back in, the session variables seem to be passed properly across ajax.

For example:

In my logged_in.php script, I'm using ajax to call another script: view_samples.php.

logged_in.php

<script type="text/javascript" src="/js/loggedInButtons.js" > </script> <!-- all our ajax calls are here -->

<?php

    // debug some variables
    print_r($_SESSION);
    echo "<br>" . session_id() . "<br>";

    // if logged in
    if ($_SESSION['logged'] == 1) { 
    ?>
        <button class='btn btn-primary' id="view_samples"> View samples</button> <!-- calls view_samples.php -->
        <div id="ajaxResult"></div> <!-- results of ajax calls go here -->
    <?php
    } 

?>

loggedInButtons.js

$(document).ready(function(){
    $("#view_samples").click(function(){
        $.ajax({
            url: "view_samples.php",
            cache: false,
            success: function(result){
                $("#ajaxResult").html(result);
            }
        });
    });
}

view_samples.php

<?php
    session_start():

    // debug session
    print_r($_SESSION);
    echo "<br>" . session_id() . "<br>";

    if ($_SESSION['logged'] == 1) {
      // do something because we are properly logged in
    } else {
      echo "not logged in!";
    }

?>

When I log in with a browser that hasn't logged in before, I see it sets a session ID X; however when the button is pressed and the ajax call is made, I see a new session ID Y. I then log-out and log back in and see that my session ID is Y (before ajax) and that my session ID is Y when I click the button (after ajax).

I've also noticed that if I keep logging-in & out without pressing the view samples button, a new session id generated each time. However, as soon as I press the button, a whole new session id is created which seems to always be the one that is set if I log-out and then back in.

What am I missing? What's the proper way to go about ensuring the first session that is created is maintained throughout ajax calls? Should I POST the session id to the called script?

  • 写回答

1条回答 默认 最新

  • dongsuishou8039 2015-06-24 13:20
    关注

    This is how I solved things (as Freaktor's comment above didn't resolve the issue) - I'm manually passing the session ID through AJAX and then setting it in the new PHP script. I'm wondering if anyone could comment on the security of this (as I'm not entirely sure how this all works)?

    This and this post were helpful.

    logged_in.php

    <script>var session_id = '<?php echo session_id();?>';</script> <!-- store our session ID so that we can pass it through ajax -->
<script type="text/javascript" src="/js/loggedInButtons.js" > </script> <!-- all our ajax calls are here -->

<?php

    // debug some variables
    echo "<br>" . session_id() . "<br>";

    // if logged in
    if ($_SESSION['logged'] == 1) { 
    ?>
        <button class='btn btn-primary' id="view_samples"> View samples</button> <!-- calls view_samples.php -->
        <div id="ajaxResult"></div> <!-- results of ajax calls go here -->
    <?php
    } 

?>

    loggedInButton.js

    var data = {func:'getData1',session_id:session_id}; // manually send the session ID through ajax
$(document).ready(function(){
    $("#view_samples").click(function(){
        $.ajax({
            type: "POST",
            data: data,
            url: "view_samples.php",
            success: function(result){
                $("#ajaxResult").html(result);
            }
        });
    });
}

    view_samples.php

    <?php
    session_id($_POST['session_id']); // get the session ID sent by AJAX and set it
    session_start():

    // debug session
    print_r($_SESSION);
    echo "<br>" . session_id() . "<br>";

    if ($_SESSION['logged'] == 1) {
      // do something because we are properly logged in
    } else {
      echo "not logged in!";
    }

?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 对于这个复杂问题的解释说明
  • ¥50 三种调度算法报错 有实例
  • ¥15 关于#python#的问题,请各位专家解答!
  • ¥200 询问:python实现大地主题正反算的程序设计,有偿
  • ¥15 smptlib使用465端口发送邮件失败
  • ¥200 总是报错,能帮助用python实现程序实现高斯正反算吗?有偿
  • ¥15 对于squad数据集的基于bert模型的微调
  • ¥15 为什么我运行这个网络会出现以下报错?CRNN神经网络
  • ¥20 steam下载游戏占用内存
  • ¥15 CST保存项目时失败