Hi all,
I'm testing out a service for internal ads on our website...
I need to save an internal session (PHP) to know what ads have been displayed and some other protection stuff...

The problem is that if I access the API through a web browser GET or POST it creates the session (and saves the PHP session cookie), but if I use the jQuery.ajax() method it doesn't save it...

My link for tests is http://search.microdual.com
(this is because I wanted a customized Google search on my laptop :p)

I suggest you use Firebug to take a look at the JavaScript code. (The PHP code isn't needed because it is working on clicks...) To simplify the debugging, I print the session id in the JSON response from the server, in the var {id_sessao:"..."}...

Thanks in advance,
José Moreira

EDIT:

Headers from server:

Date    Wed, 08 Sep 2010 11:24:48 GMT
Server  Apache/2.2.8 (Ubuntu)
P3P CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control   private, must-revalidate
Access-Control-Allow-Orig...    *
Access-Control-Allow-Cred...    true
Access-Control-Allow-Meth...    OPTIONS, GET, POST
Access-Control-Allow-Head...    Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
Set-Cookie  SN4b55935921bde=7ad280272050b4b44f17769909fd6f34; path=/ SN4b55935921bde=7ad280272050b4b44f17769909fd6f34; path=/
Keep-Alive  timeout=15, max=97
Connection  Keep-Alive
Transfer-Encoding   chunked
Content-Type    text/html; charset=UTF-8

Headers from the jQuery Ajax request:

Host    www.microdual.com
User-Agent  Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; pt-PT; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Accept  application/json, text/javascript
Accept-Language pt-pt,pt;q=0.8,en;q=0.5,en-us;q=0.3
Accept-Encoding gzip,deflate
Accept-Charset  ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive  115
Connection  keep-alive
Content-Type    application/x-www-form-urlencoded; charset=UTF-8
Referer http://search.microdual.com/
Content-Length  29
Origin  http://search.microdual.com
Pragma  no-cache
Cache-Control   no-cache

Where is the cookie control on the jQuery Ajax Request?

+1  A: 

The problem is probably that your parent document is on search.microdual.com, and you are requesting a script from www.microdual.com. The session cookie isn't transported across domains.

If you are not using document.domain - I don't see it anywhere? - you will also have the additional problem that the AJAX call fails due to the Single Origin Policy.

To fix the cookie issue, you could either

  • set the cookie's domain to .microdual.com so it works in both sub-domains

  • carry the session across manually in the URL (?sessionid=xxxxx) and continue the session using session_id("xxxxx");.

  • put both scripts on the same sub-domain (search.microdual.com)

The latter would be the easiest way.

Pekka
How do I set the cookie to multiple domains? To work with `microdual.com`, `search.microdual.com` and `example.com` (like `*` ?) because I will put these ads on multiple pages from our company, but the PHP script will always be on `www.microdual.com`
CuSS
@CuSS see http://stackoverflow.com/questions/2392990/how-can-i-carry-cookies-in-php-to-multiple-subdomain
Pekka
@Pekka if I put in this code, will it set the session cookie?
CuSS
@CuSS probably yes, but as I said, you will then get cross domain problems as well
Pekka
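
The two browser rules at work in this thread, as an added example that is not code from the question or the answer: RFC 6265 cookie domain-matching (the answer's first option) and the CORS check a browser applies before it uses cookies on a cross-origin XHR. The function names are hypothetical, the header names are the standard CORS ones (assumed to be the truncated ones in the question), and `withCredentials: false` is an assumption about the posted request.

```javascript
// Added example, not code from the thread. Inputs are constructed from the
// host names and header values shown in the question.

// RFC 6265 domain-matching: does requestHost receive a cookie set by setterHost?
function cookieSentTo(cookieDomain, setterHost, requestHost) {
  const host = requestHost.toLowerCase();
  // No Domain attribute: host-only cookie, exact match with the setting host.
  if (!cookieDomain) return host === setterHost.toLowerCase();
  const domain = cookieDomain.replace(/^\./, "").toLowerCase(); // leading dot ignored
  return host === domain || host.endsWith("." + domain);
}

// Reasons a browser would not use cookies on an XHR from pageOrigin to apiOrigin.
function cookieProblems({ pageOrigin, apiOrigin, withCredentials, responseHeaders }) {
  const problems = [];
  if (pageOrigin === apiOrigin) return problems; // same origin: cookies flow normally
  if (!withCredentials) problems.push("xhr.withCredentials is not set");
  const allowOrigin = responseHeaders["access-control-allow-origin"];
  if (allowOrigin === "*") {
    problems.push("Access-Control-Allow-Origin is * (rejected for credentialed requests)");
  } else if (allowOrigin !== pageOrigin) {
    problems.push("Access-Control-Allow-Origin does not echo the page origin");
  }
  if (responseHeaders["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials is not true");
  }
  return problems;
}

// Constructed input mirroring the request and response headers in the question.
const asPosted = cookieProblems({
  pageOrigin: "http://search.microdual.com",
  apiOrigin: "http://www.microdual.com",
  withCredentials: false, // assumption: the jQuery call does not set it
  responseHeaders: {
    "access-control-allow-origin": "*",
    "access-control-allow-credentials": "true",
  },
});
console.log(asPosted);

// The posted Set-Cookie has only path=/, so it is host-only for www.microdual.com.
console.log(cookieSentTo(null, "www.microdual.com", "search.microdual.com"));
console.log(cookieSentTo(".microdual.com", "www.microdual.com", "search.microdual.com"));
```

Widening the cookie to `.microdual.com` makes the session id available to every sub-domain, so any one of them that is compromised can read it. Carrying the id in the URL exposes it in server logs, browser history and `Referer` headers and accepts attacker-chosen ids unless the session is regenerated server-side.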