1

I set a session variable on login subdomain, and response json from another subdomain if the login was successful, the responsed json is checked by a script and the script does a location.href = "new url". On the redirected site "new url" I want to check my session variables if the user is logged in or not, but there are no session variables set. Does location.href = "" destroy my session? How to fix this problem? session.cookie_domain is set to '.mydomain.com'.

login.mydomain.com:

$.post('http://api.mydomain.com/index.php', {action: 'login', username: username, password: password}, function(response) {
            var success = $.parseJSON(response);
            if(success.success == 'true') {
                location.replace = 'http://my.mydomain.com';
            }
        });

api.mydomain.com:

session_start();
$_SESSION['active'] = true;
header('Access-Control-Allow-Origin: http://login.mydomain.com');
echo '{"success": "true"}';

my.mydomain.com:

session_start();
if(!isset($_SESSION['active']) && !$_SESSION['active']) {
    header("Location: http://login.mydomain.com");
    echo $_SESSION['access_token'].' test';
}
else {   
    echo 'Success!'; 
}
Improve this question
1
  • Use Firebug and/or HTTPFox in Firefox to view what's going back and forth in the headers. Usually a disappearing session is due to the session cookie being incorrect set, so you get a brand new empty session on the new page. Commented Aug 4, 2011 at 16:42

3 Answers 3

Reset to default
2

I had the same problem and I found when I use a relative url (location.ref="index.php"), all sessions variables exists. But when I use a absolute url (location.ref="http://mydomain.com/index.php") it kills all my session variables.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This was exactly my problem... and then I would end up with multiple sessions and couldn't tell which one would be loaded. Thank you!
1

You don't seem to be calling session_start() in the second code block.

Improve this answer

1 Comment

I see you are now. Fair enough, seemed a bit too easy.
0

From what you're saying you could have a couple of issues contributing to this problem.

  1. PHP cookies are set by the server when the page is loaded, no page load means no cookie is set, if you're using pure JSON with no page load then you may not be able to set your session and return it to the browser.

  2. Also remember that PHP sessions are effectively a cookie and the rules for cookies apply, so if you're setting a PHP session at api.mydomain.com and expect it to work at my.mydomain.com it probably wont work.

You can find a viable solution to handling login data and the sessions over multiple sub-domains here

Improve this answer

8 Comments

I've checked what you said, but sessions are also set when you call a page via XMLHttpRequest, the problem is that each time I call the php file via XMLHttpRequest I get an other session_id, why is this so?
Please elaborate on 'another session_id'? Do you mean that the session info is stored but the session_id being used is different to what you expect it to be? You said in your question "there are no session variables set"
I've added following line to api.mydomain.com: echo session_id(); Each time api.mydomain.com is called I get another session_id returned.
That would be because api.mydomain.com is creating a new session each time it is called from what you're saying, you may want to add a line like if(!isset($_SESSION['active'])) { $_SESSION['active'] = true;}, this should stop the script creating a new PHP session each time the script is called
the api-call has a Response-Header: PHPSESSID=4acb4d659b963ab4a4ceb33ae362dc50; but the cookie is not set in the browser
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.