Cross domain ajax and php sessions

I am puzzled by this ... I am setting up remote widgets, we will control both domains, so security is not a concern. I use jsonp to allow ajax requests for cross domains.

The visited site is domain1.com, which includes:

    <script src="http://domain2.com/file.js"></script>

file.js uses jQuery to create ajax requests:

    $.ajax({
        url: 'http://domain2.com/getdata',
        dataType: 'jsonp',
        success: function (response) {
            div.html(response);
        }
    });

It goes through several of these steps as a wizard, reloading the div with html from the remote server.

The problem I ran into is that with every ajax request I get a new php session id and my session data goes away. The PHP end of things is fine: if I run the same script from the same domain (still using jsonp), everything works fine. However, do this from a remote domain, and the session does not close. I have no idea why this is so; the PHP end sets and requests a cookie from its own domain. I do not need to access the cookie from JS. A cookie is recorded and stored on the server. But with each request, when I check the stored cookies in the browser, the session ID has changed.

Any ideas?

+4
3 answers

Well, I created a very simple test case and it worked fine.

The actual application uses cakephp and their sessions. I tried switching to using $_SESSION instead, it didn't work. I tried adding session_start() to the controller, it didn't work. Finally, I disconnected cakephp sessions in config, and now it works fine.

I have no idea why it is not working, but it seems like it is crashing with cakephp.

+2
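
To tell which side is dropping the session in a setup like the one in the question, compare the Cookie header of each request with the Set-Cookie header of its response. The following is an added example, not code from the original thread; the function names, verdict labels and capture data are constructed for illustration, and PHPSESSID is PHP's default session cookie name.

```javascript
// Value of `name` in a Cookie request header, or null if it was not sent.
function sentCookie(cookieHeader, name) {
  for (const part of (cookieHeader || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0 && part.slice(0, i).trim() === name) return part.slice(i + 1).trim();
  }
  return null;
}
// Value of `name` in the Set-Cookie response header(s), or null if not set.
function issuedCookie(setCookie, name) {
  for (const line of [].concat(setCookie || [])) {
    const pair = line.split(';')[0];
    const i = pair.indexOf('=');
    if (i > 0 && pair.slice(0, i).trim() === name) return pair.slice(i + 1).trim();
  }
  return null;
}

// One verdict per request/response exchange, in capture order.
function diagnoseSessionChurn(exchanges, name) {
  let lastIssued = null;
  return exchanges.map(({ request, response }) => {
    const sent = sentCookie(request.cookie, name);
    const issued = issuedCookie(response['set-cookie'], name);
    let verdict = 'stable'; // cookie was sent and the server kept it
    if (sent === null) {
      // Not sent: normal on the first request, else the browser withheld it.
      verdict = lastIssued === null ? 'first-visit' : 'cookie-not-returned';
    } else if (issued !== null && issued !== sent) {
      verdict = 'server-rotated'; // server replaced an ID it was given
    }
    if (issued !== null) lastIssued = issued;
    return verdict;
  });
}

// Constructed captures (header names lower-cased, values made up).
const browserDrops = [
  { request: {}, response: { 'set-cookie': ['PHPSESSID=aaa111; path=/'] } },
  { request: {}, response: { 'set-cookie': ['PHPSESSID=bbb222; path=/'] } },
];
const serverRotates = [
  { request: {}, response: { 'set-cookie': ['PHPSESSID=aaa111; path=/'] } },
  { request: { cookie: 'lang=en; PHPSESSID=aaa111' },
    response: { 'set-cookie': 'PHPSESSID=ccc333; path=/' } },
  { request: { cookie: 'PHPSESSID=ccc333' }, response: {} },
];
console.log(diagnoseSessionChurn(browserDrops, 'PHPSESSID'));
console.log(diagnoseSessionChurn(serverRotates, 'PHPSESSID'));
```

A 'cookie-not-returned' verdict points at the browser or the cookie's attributes (third-party cookie policy, Domain or Path mismatch); 'server-rotated' points at server-side session handling, the side on which the answer above found its fix.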

Specify the ajax jsonp request in a php file in the same domain, and in this php file, through cURL, execute the request in the second domain.

In short, use a php file as a tunnel between two domains (cURL is just an example).

0

Sorry, I have not read that you are using jsonp. So this is not a solution ...

With JavaScript, you cannot make AJAX calls in a domain other than the domain your website is running on. This is called the same origin policy and provides more security in the event of XSS problems on your site. See the Wikipedia article for more information: http://en.wikipedia.org/wiki/Same_origin_policy

By providing php script routing on your server, you can redirect these JavaScript AJAX calls to your server to the target domain / service / independently.

0

Source: https://habr.com/ru/post/1298945/

