All geek questions in one place

Installing $ _SESSION using AJAX / jQuery | PHP sessions not working?

I am writing a login script for my site. I wrote a login script, and I have a form associated with it through an AJAX call through jQuery.

Here is the php that the form invokes:

<?PHP # Make sure form data was passed to the script IF (isset($_POST) && isset($_POST['username']) && isset($_POST['password'])){ # Connect to the database REQUIRE('../../../../my_db.php'); # Define variables $given_username = $_POST['username']; $given_password = $_POST['password']; $hashed_password = md5($given_password); $matched_username = ""; $matched_password = ""; # See if there is matching info in the database $sql = 'SELECT username, pass FROM users WHERE username="'.$given_username.'" AND pass = "'.$hashed_password.'"'; $result = mysql_query($sql); WHILE($row = mysql_fetch_assoc($result)){ $matched_username = $row['username']; $matched_password = $row['pass']; }; # If there was a match IF ($matched_username != "" && $matched_password != ""){ # Double check the values match IF ($given_username == $matched_username && $hashed_password == $matched_password){ # If there is only one result returned $session_sql = 'SELECT * FROM users WHERE username="'.$matched_username.'" AND pass = "'.$matched_password.'"'; $session_result = mysql_query($session_sql); IF(count(mysql_fetch_assoc($session_result)) != 0 && count(mysql_fetch_assoc($session_result)) < 2){ # If they do, start a session if(!isset($_SESSION)) { session_start(); session_regenerate_id(); }; # Set our session values WHILE($session_row = mysql_fetch_assoc($session_result)){ $_SESSION['id'] = $session_row['id']; $_SESSION['last_login'] = $session_row['last_login']; $_SESSION['username'] = $session_row['username']; $_SESSION['signup_date'] = $session_row['signup_date']; }; # Set users last login date and time to this login $update_sql = 'UPDATE users SET last_login = NOW WHERE username="'.$matched_username.'" AND pass = "'.$matched_password.'"'; $update = mysql_query($update_sql); echo json_encode(array("success"=>"user logged in", "session"=>$_SESSION)); }ELSE echo json_encode(array("error"=>"More than one user with the same information. What did you do?!")); }ELSE echo json_encode(array("error"=>"invalid login provided")); }ELSE echo json_encode(array("error"=>"invalid login provided")); }ELSE echo json_encode(array("error"=>"you must supply a username and password")); ?>

But if I do console.log(result.session) , I get [] , which makes me think that either setting session variables through ajax is not viable, or the session itself is not working properly.

I am not getting errors from this code.

Can someone point me in the right direction?

I do not think that I have access to php.ini, but I remember for a long time that you had to set up sessions to work in a file somewhere, but for life I can not find an example.

+4
source share
4 answers

Make sure you have session_start() at the beginning of your script. If there are any notifications or anything else, before you go to session_start() , you will receive an error message:

Warning: session_start (): Unable to send session cookie - headers already sent (output started at ...

In addition, your script is open for SQL injection. Make sure you avoid the username and password correctly! Note It is best to use prepared statements .

+5
source

Some tips for your php script:

  • Make sure you start the session as the first line of code after the php tag,

    session_start ();
    // another code comes here

Note. You can also verify that your session is started using session_id ()

  • First, test separately the php script called by Ajax (put some valid $ _POST data as the code input) and make sure you don’t repeat anything in front of the returned json strings, and you don’t get any warnings (this should be considered as screen outputs),

  • you can also declare the correct headers as they look missing here:

    header ('Content-type: application / json');

  • Don't forget the javascript callback to read the response to the request :-)

+1
source

I moved away from PHP for a while, so I could talk from my foundation, but I think you need to use session_start() and session_write_close() .

You must call session_start() before doing anything into the $ _SESSION array. After you finish modifying $ _SESSION, you should call session_write_close()

See http://www.php.net/manual/en/book.session.php for more details.

You may also need to modify php.ini if your hosting provider has not already done so. See http://www.php.net/manual/en/session.configuration.php

Hope this helps.

0
source

Dear @StephenRios, especially thanks for your answers, I applied the specified settings in the code, but in fact the problem was regarding the sharing of CORS Cross-Origin resources, I was stuck in this problem and asked a question Dear @StephenRios, especially thanks for your answers, I applied the specified settings in the code, but in fact the problem was regarding the sharing of CORS Cross-Origin resources, I got stuck in this problem and asked a question in fooobar.com/questions/1386189 / ... and my friend Milano Fili’s speech could solve the problem,

I used the setup in angularJS:

 $httpProvider.defaults.withCredentials = true;

as well as settings on my web server (here apache)

 Header add Access-Control-Allow-Credentials "true"

I am very grateful for your answers, I just shared my case here, because I searched for it for more than 3 days, I hope this could help.

0
source

Source: https://habr.com/ru/post/1386187/

More articles:


All Articles