PHP: Session variable lost, session id changes (using Ajax)

Question

I'm new to PHP and am having trouble using session. I call a login php-script from javascript using AJAX. There I want to create the session and set a value.

<?php
ini_set('display_errors', 1);
session_start();
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');

$_SESSION['username'] = "username";

?>

I handle the response in javascript and call another php-script again using AJAX. The other file looks like this:

<?php
ini_set('display_errors', 1);
session_start();
header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json');

$username = $_SESSION['username'];
?>

But username is null. If I request the session ID in both files, the session ID changed. From the first file a Response Cookie containing a PHPSESSID is sent. Do I have to use this id in the AJAX call calling the second script?

Update: As requested the AJAX-Code:

function callAjax(url, data, successCB, errorCB) {
    $.ajax({
            url: url,
            type: 'post',
            data: data,
            success: successCB,
            error: errorCB
    });
}

Called like:

callAjax(GET_TEMPLATES_PHP_URL, {}, onGetTemplateSuccess, onRessourceRetrievalError);

I checked the answers in similar SO question, but they did not help.

Any ideas? Thanks in advance.

check the session cookie settings. e.g. if your session was set for `/foo` subdir, and your ajax code is in `/bar`, then the cookie will not be visible. — Marc B, Feb 09 '15 at 15:16
Show us the Ajax/JS. I can't see how this would fail. However, this `$_SESSION['username'] = "username";` should most likely be `$_SESSION['username'] = $username;` — Funk Forty Niner, Feb 09 '15 at 15:19
@JayBlanchard Shouldn't matter. Error reporting doesn't count as output. *Mornin' Ralph* — Funk Forty Niner, Feb 09 '15 at 15:23
Ahhhhh...seems I encountered this before @Fred-ii- but I just tested and you're right. *Mornin' Sam* — Jay Blanchard, Feb 09 '15 at 15:24
@MarcB Hi session_get_cookie_params returns "/" for path in the first php file. That's alright, isn't it? Even if my phpscripts are in "/" and my javascript file is in "/scripts/".? — Androidicus, Feb 09 '15 at 15:32
You can find help in this thread: http://stackoverflow.com/questions/2870371/why-is-jquerys-ajax-method-not-sending-my-session-cookie — n-dru, Feb 09 '15 at 15:45

score 2 · Answer 1 · answered Feb 09 '15 at 16:09

Thanks to user n-dru I figured it out. I called the script like "http://myside.com/script.php" from "http://www.myside.com/index.html". Because the 'www' was missing from the script-call it was a call to a different origin. So the cookie got lost. I added the www, removed the "Allow Orgin"-stuff from php and now it works.

Thanks everyone!

PHP: Session variable lost, session id changes (using Ajax)

1 Answers1