3

I've got a weird problem were php session variables are not working on pages accessed by ajax.

Server Side Code: s2.php

<?php
    session_start();
    header("Access-Control-Allow-Origin: *");

    echo '{"response":"'.$_SESSION["email"].'"}';

    exit();
?>

Client Side Code: index.php

$.ajax({
    url: 'mysite.com/s2.php',
    data: info,
    error: function() {
        console.log("broke :( ");
    },
    dataType: 'json',
    success: function(data) {
        console.log(data);
    },
    type: 'POST'
});

when I navigate to mysite.com/index.php i see: {response: ""} in the console.

When I navigate to mysite.com/s2.php I see {response: "email@address"} displayed in the browser.

I just don't understand why s2.php can access the session normally but not when run by an ajax call.

Also, when I run it on my home server, everything seems fine. But it's when it's run on my wife's bluehost.com server is when it has problems. Is this something with their settings?

Improve this question
11
  • Maybe a dumb question, but have you logged-in to the app on her bluehost server? Sessions don't span servers. Commented Feb 9, 2018 at 2:07
  • @Max at this point I'm thinking I've done something dumb. But yes. index.php is on the bluehost server, and it is the page that originally set $_SESSTION["email"] Commented Feb 9, 2018 at 2:11
  • have you tried setting withCredentials to true? Commented Feb 9, 2018 at 2:23
  • @Musa I assume you mean as part of the ajax call? Just tried, no difference. Commented Feb 9, 2018 at 2:29
  • According to the php.net/manual/en/function.session-start.php official documentation, you must call the session_start() method in each one of pages where you are going to use the session, so try to call session_start() in your index.php. Commented Feb 9, 2018 at 2:35

2 Answers 2

Reset to default
3

According with the official documentation, you must call the session_start() method in each one of pages where you are going to use the session, so try to call session_start() in your index.php.

This method starts new or resumes existing session, also check your PHPSESSID cookie sent with the AJAX request that match with your index.php PHPSESSID.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

determined that I was viewing the site at www.mysite.com/ but was making the AJAX call with mysite.com/s2.php It determined that as cross-domain and didn't send the PHPSESSID cookie.
0

something interesting happend to me as i had the same issue, but nothing that i tried worked. It seems that after using session_regenerate_id() after the login process (to prevent session fixation attacks), the session id was stored as cookie, but not updated to the new session id. The page calling the ajax had one session id , while the ajax php file was using an other.

Clearing the cookies solved the problem.

One thing to check if such problems occur, is if the session_id() is the same on all involved pages, even if session_start() is used on all pages.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.