0

I have a PHP app that renders HTML pages for a social media application that I'm creating. Then, JavaScript initializes and makes things interactive. The PHP side of things logs into a separate webservice with curl.

Now, I can't figure out a way to share the session started in PHP with JavaScript, so when I make a AJAX request in JavaScript to the data server, its authenticated.

Is there a way to share a PHP session with JavaScript? Or to share authentication initially created with PHP with JavaScript?

Improve this question
2
  • code.tutsplus.com/tutorials/… read this article , may you will get the idea what to do . Commented Jan 10, 2015 at 23:42
  • This link was very helpful! I think i'll look more into using tokens than sessions. Thank you! Commented Jan 11, 2015 at 20:15

2 Answers 2

Reset to default
1

I would say it sounds like there is something wrong with your architecture. In my opinion, the web server itself, should be the only peer providing data to the client/browser. It's a two party conversation only.

When trying to hit a third-party server from the browser, you violate the browsers Same-Origin Policy, unless you specifically allow CORS by explicitly setting various request and response headers. - and you would only do so in very special situations.

The best solution might be to create proxy services at the web server, that can be hit directly (locally) by the browser. The web server can then (acting as controller) forward the data-request to the data server (model) and finally return the response to the browser (view).

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

By the way.. If you really want to, it is possible to send a PHP session cookie to a third-party origin from XHR using the right CORS configuration. Your webserver should set Access-Control-Allow-Credentials: true header, and your Javascript code should configure XHR: withCredentials: true.
With the current set up i have, I do believe this would be the best way to carry out things. However, I think i'm going to investigate the use of tokens, that way I wouldnt have to worry about a session. Thank you!
0

You can read out the session cookie set by PHP (SID I guess) through JavaScript containing the session ID. When you make a query, use

http://example.com/?sid=SessionID
Improve this answer

1 Comment

This is not a link-only answer. There's no actual link.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.