I'm baffled by this one... I'm doing a remote widgety type of setup, we'll control both domains so security is not a concern. I'm using jsonp to allow cross domain ajax requests.

The visited site is domain1.com, which includes:

<script src="domain2.com/file.js"></script>

file.js uses jQuery to make ajax requests:

$.ajax({
   url: 'http://domain2.com/getdata',
   dataType: 'jsonp',
   success: function(response) {
       div.html( response );
   }
});

It goes through several of these steps in somewhat of a wizard, reloading the div with html from the remote server.

The problem I'm running into is that on each ajax request, I get a new PHP session id and my session data goes away. The PHP end of things is fine: if I run the same script from the same domain (still using jsonp), everything works fine. Doing it from a remote domain, however, and the session does not stick around. I have no idea why this is; the PHP end is setting and requesting a cookie from its own domain. I do not need to access the cookie from JS. The cookie is being written and saved on the server. But each request when I check the stored cookies in the browser, the session id has changed.

Any ideas?

A: 

Point the ajax jsonp request at a PHP file in the same domain, and in that PHP file, through cURL, do the request to the second domain.

In short, use a PHP file as a tunnel between the two domains (cURL is just an example).

DaNieL
That then uses server bandwidth, not client
woody993
He didn't mention a bandwidth problem ;) And this is the only way to have some kind of control over the output before printing it into the browser
DaNieL
+1  A: 

Well I created a very simple test case and it worked just fine.

The actual App is using cakephp and their sessions. I tried switching to just using $_SESSION instead, didn't work. I tried adding session_start() to the controller, didn't work. Finally I disabled cakephp sessions in the config, and now it works just fine.

I have no idea why it wasn't working but seems to be a glitch with cakephp.

Chad
Finally found the fix. In cake I had to set Session.security to medium. On high security a new session id is generated on each request to prevent session hijacking. For reasons I can't fathom, cross domain ajax requests don't seem to pick up the new cookie session id, whereas normal ajax does...
Chad
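
The behaviour described in the comment above, as an added sketch that is not part of the original thread and is not CakePHP's code: a toy server that issues a new session id on every request, exercised by a client that stores each new cookie and by one that keeps sending the first id it received. `makeServer` and `runWizard` are hypothetical names, and the session ids are constructed from a counter so the run is deterministic.

```javascript
// Toy model of per-request session id rotation (illustration only).
function makeServer(rotateEveryRequest) {
  const sessions = new Map();   // session id -> session data
  let counter = 0;              // constructed ids; a real server uses a CSPRNG
  const newId = () => 'sid-' + (++counter);

  return function handle(cookieSid, step) {
    let sid = cookieSid;
    let data = sessions.get(sid);
    if (!data) {                // unknown or retired id: start an empty session
      sid = newId();
      data = { steps: [] };
    } else if (rotateEveryRequest) {
      sessions.delete(sid);     // retire the old id so a copied one stops working
      sid = newId();
    }
    data.steps.push(step);
    sessions.set(sid, data);
    return { setCookie: sid, steps: data.steps.slice() };
  };
}

// Walk a three-step wizard. storesNewCookie=false models a client that keeps
// sending the id it first received and never picks up the rotated one.
function runWizard(handle, storesNewCookie) {
  let cookie = null;
  let last;
  for (const step of ['step1', 'step2', 'step3']) {
    last = handle(cookie, step);
    if (cookie === null || storesNewCookie) cookie = last.setCookie;
  }
  return last.steps;            // what the server remembers at the end
}

const results = {
  rotateAndStore: runWizard(makeServer(true), true),     // all three steps kept
  rotateAndMiss: runWizard(makeServer(true), false),     // earlier steps lost
  noRotateAndMiss: runWizard(makeServer(false), false),  // all three steps kept
};
console.log(results);
```

Rotation retires a copied session id after one use, but any client that misses a single new cookie falls back to an empty session, which is the symptom in the question.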
A: 

Sorry, I did not read that you are using jsonp. So this is not the solution...

With JavaScript you are not able to do AJAX calls to a domain different than the domain your website is running on. This is called Same origin policy and provides more security in case there are XSS issues on your site. See the Wikipedia article for more info: http://en.wikipedia.org/wiki/Same_origin_policy

By providing a routing PHP script on your server you are able to route those JavaScript AJAX calls over your server to the target domain / service / whatever.

Sebastian Hoitz