
Cross Domain ajax and php sessions

I'm baffled by this one... I'm doing a remote widgety type of setup, we'll control both domains so security is not a concern. I'm using jsonp to allow cross domain ajax requests.

The visited site is domain1.com, which includes:

<script src="http://domain2.com/file.js"></script>

file.js uses jQuery to make ajax requests:

$.ajax({
   url: 'http://domain2.com/getdata',
   dataType: 'jsonp',
   success: function(response) {
       div.html( response );
   }
});

It goes through several of these steps in somewhat of a wizard, reloading the div with html from the remote server.

The problem I'm running into is that on each ajax request, I get a new php session id and my session data goes away. The PHP end of things is fine; if I run the same script from the same domain (still using jsonp), everything works fine. Doing it from a remote domain, however, and the session does not stick around. I have no idea why this is; the php end is setting and requesting a cookie from its own domain. I do not need to access the cookie from JS. The cookie is being written and saved on the server. But each request when I check the stored cookies in the browser, the session id has changed.

Any ideas?


Well I created a very simple test case and it worked just fine.

The actual App is using cakephp and their sessions. I tried switching to just using $_SESSION instead, didn't work. I tried adding session_start() to the controller, didn't work. Finally I disabled cakephp sessions in the config, and now it works just fine.

I have no idea why it wasn't working but seems to be a glitch with cakephp.


Point the ajax jsonp request at a PHP file in the same domain, and in that PHP file, through cURL, do the request to the second domain.

In short, use a PHP file as a tunnel between the two domains (cURL is just an example).


Sorry, I did not read that you are using jsonp. So this is not the solution...

With JavaScript you are not able to do AJAX calls to a domain different than the domain your website is running on. This is called the same-origin policy and provides more security in case there are XSS issues on your site. See the Wikipedia article for more info: http://en.wikipedia.org/wiki/Same_origin_policy. By providing a routing PHP script on your server you are able to route those JavaScript AJAX calls over your server to the target domain / service / whatever.
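
The tunnel suggested in the answers above, as an added example that is not part of the original posts: a PHP file on domain1.com relays each wizard step to domain2.com and keeps domain2's session cookie in its own first-party session, so the browser never has to store a cross-domain cookie. The file name, the `step` parameter, the allowlist and the assumption that the endpoint returns an HTML fragment instead of JSONP are hypothetical.

```php
<?php
// tunnel.php on domain1.com (hypothetical name): relays wizard steps to domain2.com.
declare(strict_types=1);

const UPSTREAM = 'http://domain2.com';   // fixed host, never taken from the request
const ALLOWED_PATHS = ['getdata'];       // assumed list of endpoints the widget may reach

/** Map a requested step to its upstream URL, or null when it is not allowlisted. */
function upstream_url(string $step): ?string
{
    return in_array($step, ALLOWED_PATHS, true) ? UPSTREAM . '/' . $step : null;
}

/** Collect the "name=value" part of every Set-Cookie header for replay as a Cookie header. */
function cookies_from_headers(string $rawHeaders): string
{
    preg_match_all('/^Set-Cookie:\s*([^;\r\n]+)/mi', $rawHeaders, $m);
    return implode('; ', $m[1]);
}

session_start();                         // first-party session on domain1.com
$url = upstream_url((string)($_GET['step'] ?? ''));
if ($url === null) {
    http_response_code(400);             // refuse anything outside the allowlist (no open proxy)
    exit('unknown step');
}

$ch = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADER         => true,      // keep response headers so Set-Cookie can be read
    CURLOPT_FOLLOWLOCATION => false,     // upstream redirects must not steer the proxy elsewhere
    CURLOPT_TIMEOUT        => 5,
]);
if (!empty($_SESSION['upstream_cookie'])) {
    curl_setopt($ch, CURLOPT_COOKIE, $_SESSION['upstream_cookie']);  // replay domain2's session id
}
$raw = curl_exec($ch);
if ($raw === false) {
    http_response_code(502);
    exit('upstream error');
}
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$cookies = cookies_from_headers(substr($raw, 0, $headerSize));
if ($cookies !== '') {
    $_SESSION['upstream_cookie'] = $cookies;  // simplification: latest cookie set replaces the old one
}
header('Content-Type: text/html; charset=utf-8');
echo substr($raw, $headerSize);          // body only; upstream headers are not forwarded
```

With this in place the widget requests `tunnel.php?step=getdata` on its own origin with a plain `dataType: 'html'` call, so no JSONP callback is involved.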
