4

Here is what I do:

My login form is on www.mysite.com/login.html (subdomain www!):

function authenticate(userName, password) {
    $.ajax({
        type: "POST",
        // the URL where you want to send the userName and password to
        url: 'http://server.mysite.com/ajax/auth.php',
        dataType: 'json',
        async: false,
        cache: false,
        // pass an object so jQuery URL-encodes both values
        data: { vardas: userName, psw: password },
        success: function (data) {
            window.location.replace('/main.html');
        }
    });
}

Here is my ajax/auth.php:

<?php
header('Content-type: application/json');
header("Access-Control-Allow-Origin: http://www.mysite.com");
header('Expires: ' . gmdate('r', 0));

session_start();
$_SESSION["ok"] = 1111; // test value

Here is main.php:

<script>
  $(function() {
    $('#home').load('http://server.mysite.com/ajax/loader.php', function() {
    })
  });
</script>
<div id=home></div>

Here is my ajax/loader.php :)

<?php
    header("Access-Control-Allow-Origin: http://www.mysite.com");
    header('Expires: ' . gmdate('r', 0));

    session_start();

    var_dump($_SESSION); // <---- OUTPUT IS (0) EMPTY!! Why?
?>

Why doesn't this work? I always get $_SESSION empty.

1
  • Is this cross-domain, or within the same domain? Commented May 21, 2012 at 20:24

4 Answers

2

session_start(); MUST be the very first thing to produce any output. You have it below your header() stuff. It needs to go first.

See the first note here: http://www.php.net/manual/en/function.session-start.php


2

If all domains are on the same server, use these three lines everywhere before the call to session_start:

$session_name = session_name("somename");
ini_set('session.cookie_domain', '.mysite.com');
ini_set('session.save_path', 'C:\tmp');
session_start();


0

You are never calling authenticate(), which runs the ajax request to call auth.php and set the session vars. You .load http://server.mysite.com/ajax/loader.php, which calls session_start, but at no point do you call authenticate(), so your session never gets filled.

Also, Access-Control-Allow-Origin isn't fully supported yet, so depending on the browser it may be blocking your cross-domain request.

2 Comments

I'm not seeing where this is cross-domain. Everything seems to be at mysite.com.
Cross-domain is also across subdomains; this is calling the server subdomain from the main mysite.com domain, which would get blocked as cross-domain. Access-Control-Allow-Origin allows cross-domain but isn't fully supported.
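
The two-request flow from the question (auth.php, then loader.php, both called cross-origin from www.mysite.com), as an added example that is not part of the original posts: a small JavaScript model of how a browser handles cookies on cross-origin XHR. The `server` function, the `PHPSESSID` cookie name (PHP's default) and the session ids are constructed stand-ins, and the example goes beyond the answers by also modelling the `withCredentials` flag and the `Access-Control-Allow-Credentials` header.

```javascript
// Added example: a small model of browser cookie handling for cross-origin XHR.
// server() is a constructed stand-in for auth.php / loader.php, not the PHP above.
const sessions = new Map();   // session id -> data, like PHP's session store
let nextId = 0;

function server(path, cookieHeader, allowCredentials) {
  // session_start(): reuse the session named in the cookie, else create one
  const m = /PHPSESSID=(\w+)/.exec(cookieHeader || '');
  let sid = m && sessions.has(m[1]) ? m[1] : null;
  const headers = { 'access-control-allow-origin': 'http://www.mysite.com' };
  if (allowCredentials) headers['access-control-allow-credentials'] = 'true';
  if (!sid) {
    sid = 'sess' + (++nextId);                     // constructed session id
    sessions.set(sid, {});
    headers['set-cookie'] = 'PHPSESSID=' + sid;
  }
  const data = sessions.get(sid);
  if (path === '/ajax/auth.php') data.ok = 1111;   // $_SESSION["ok"] = 1111
  return { headers, body: JSON.stringify(data) };  // loader.php dumps the session
}

function browserXhr(jar, pageOrigin, path, withCredentials, allowCredentials) {
  // Without withCredentials the browser sends no cookie and ignores Set-Cookie.
  const res = server(path, withCredentials ? jar.cookie : '', allowCredentials);
  if (withCredentials && res.headers['set-cookie']) jar.cookie = res.headers['set-cookie'];
  const acao = res.headers['access-control-allow-origin'];
  // A credentialed response is readable only with an exact origin match
  // (never "*") plus Access-Control-Allow-Credentials: true.
  const readable = withCredentials
    ? acao === pageOrigin && res.headers['access-control-allow-credentials'] === 'true'
    : acao === '*' || acao === pageOrigin;
  return readable ? JSON.parse(res.body) : null;   // null: blocked by the CORS check
}

// Log in via auth.php, then fetch loader.php, as the pages in the question do.
function loginThenLoad(withCredentials, allowCredentials) {
  const jar = {}, origin = 'http://www.mysite.com';
  browserXhr(jar, origin, '/ajax/auth.php', withCredentials, allowCredentials);
  return browserXhr(jar, origin, '/ajax/loader.php', withCredentials, allowCredentials);
}

console.log(loginThenLoad(false, false)); // the question's setup: empty session
console.log(loginThenLoad(true, false));  // cookie sent, but response blocked
console.log(loginThenLoad(true, true));   // session shared across both requests
```

In jQuery the flag is set with `xhrFields: { withCredentials: true }`, and the PHP side sends `header('Access-Control-Allow-Credentials: true')` alongside the exact-origin `Access-Control-Allow-Origin` it already has.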
0

I don't understand why you have a login.html and, thereafter, following the ajax execution, you have this main.php redirection page. Am I right? If this is the case, why won't you just simply redirect the user after form submission and let the server validate the authentication before it renders the page?

Now, if that is not the case, always be reminded that session data will not take effect when you set it by ajax and in your current page, you will call it. It definitely will not work.
