2

Hi all,
i'm testing out a service for internal ads on our website...
I need to save internal session (PHP) to know what ads have been displayed and some other protection stuff...

The problem is that if i access to the API throught webbrowser GET or POST it does session (and saves the cookie of php session), but if i use jQuery.ajax() method it doesn't save it...

My link for tests is http://search.microdual.com
(this is because i wanted a customized google search on my laptop :p)

I suggest you to use firebug to take a look at the javascript code. (PHP code isn't needed because it is working on clicks...) To simplify the debugging, i print out on response json array from server the session id on the var {id_sessao:"..."}...

Thanks in advance,
José Moreira

EDIT:

Headers from server:

Date    Wed, 08 Sep 2010 11:24:48 GMT
Server  Apache/2.2.8 (Ubuntu)
P3P CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control   private, must-revalidate
Access-Control-Allow-Orig...    *
Access-Control-Allow-Cred...    true
Access-Control-Allow-Meth...    OPTIONS, GET, POST
Access-Control-Allow-Head...    Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
Set-Cookie  SN4b55935921bde=7ad280272050b4b44f17769909fd6f34; path=/ SN4b55935921bde=7ad280272050b4b44f17769909fd6f34; path=/
Keep-Alive  timeout=15, max=97
Connection  Keep-Alive
Transfer-Encoding   chunked
Content-Type    text/html; charset=UTF-8

Headers from the jQuery Ajax request:

Host    www.microdual.com
User-Agent  Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; pt-PT; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Accept  application/json, text/javascript
Accept-Language pt-pt,pt;q=0.8,en;q=0.5,en-us;q=0.3
Accept-Encoding gzip,deflate
Accept-Charset  ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive  115
Connection  keep-alive
Content-Type    application/x-www-form-urlencoded; charset=UTF-8
Referer http://search.microdual.com/
Content-Length  29
Origin  http://search.microdual.com
Pragma  no-cache
Cache-Control   no-cache

Where is the cookie control on the jQuery Ajax Request?

Improve this question
10
  • JS or PHP? ajax.microdual.com/js/jquery.microdualgetad-1.0.0.js Commented Sep 8, 2010 at 10:07
  • @CuSS is your Ajax request script actually continuing the session using session_start()? Commented Sep 8, 2010 at 11:46
  • @Pekka yes, try to click on a Ad Image and look at the headers throught firebug, it sends cookie. Ajax not. Commented Sep 8, 2010 at 11:51
  • @Cuss you don't happen to be setting the session cookie in a subdirectory of the domain? Commented Sep 8, 2010 at 11:53
  • PHP code and the code that you put HTML must be uncompressed Commented Sep 8, 2010 at 11:53

1 Answer 1

Reset to default
5

The problem is probably that your parent document is on search.microdual.com, and you are requesting a script from www.microdual.com. The session cookie isn't transported across domains.

If you are not using document.domain - I don't see it anywhere? - you will also have the additional problem that the AJAX call fails due to the Single Origin Policy.

To fix the cookie issue, you could either

  • set the cookie's domain to .microdual.com so it works in both sub-domains

  • carry the session across manually in the URL (?sessionid=xxxxx) and continue the session using session_id("xxxxx");.

  • put both scripts on the same sub-domain (search.microdual.com)

The latter would be the easiest way.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

How do i set the cookie to multiple domains? To work with microdual.com, search.microdual.com and example.com (like * ?) because i will put these ads on multiple pages from our company, but the php script will be always on www.microdual.com
@CuSS see stackoverflow.com/questions/2392990/…
@CuSS probably yes, but as I said, you will then get cross domain problems as well
+1 for server not retaining session across domains. terrible if you're just doing http and https on your own site.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.