When a user arrives at my site, a session is started for them. There is a point where a child window is spawned using JavaScript on my sites home page.
This child window goes to Twitter site to authenticate the user and it gets redirected back to a script on my site which stores some variables in a SESSION.
I have found out that the PHP script in the child window isn't aware of the session and session_id that is set already and it therefore starts a new session which means the parent window (index.php) can not access those session variables.
I am baffled. What can I do?
Update
Here is my code, but its not my code that is the problem, its the implementation that I am having trouble with.
index.php
<?php session_start(); ?>
oauth.php //child window
<?php session_start();
$_SESSION['screen_name'] = $twitterInfo->screen_name;
$_SESSION['profile_image_url'] = $twitterInfo->profile_image_url;
?>
When child window closes and I use AJAX to check a screen_name like so, it returns a no match as the child window oauth.php is using a different session (id).
<?php session_start();
sleep(1);
if(isset($_SESSION['screen_name'])){
echo 'done';
exit;
}else{
echo session_id().$_SESSION['screen_name'];
exit;
}
?>
If you use the same domain, then PHP should be aware of the session since all cookies are sent back to the domain that set them according to the HTTP specs.
Note that www.domain.com is a different domain then domain.com.
Cookies can also be set for a path on a domain, so make sure the path is the same.
Cookies can also be set for multiple sub domains using *.
If you post the relevant PHP code you have, it will help.
Related
I have a one page website that uses AJAX to load new php files and update the display.
I start my php session on the main page but when I use ajax to update inner html I need those session variables for the new php file being loaded.
This post is similar to this one: PHP Session Variables Not Preserved . But I checked and my php.ini has session.use_cookies = 1
Main Page PHP:
<?php
session_start();
if(isset($_SESSION['views']))
{$_SESSION['views']=$_SESSION['views']+1;}
else
{$_SESSION['views']=1;}
?>
After User Input I use ajax to call a php file and load a subsection of the page:
<?php
if(isset($_SESSION['views']))
{ echo "Views: " . $_SESSION['views'];}
else
{ echo "Views: NOT SET";}
?>
Can someone please tell me what important step I am missing? Thank you.
Update: After adding session_id() call to both the main and sub pages I see that both pages have the same Session_ID. However it still cannot pull the session variable and if i do assign it a value the two same name session variables stay independent of one another.
Answer to the question that this question created: I found that I had to set a static session_save path in my php.ini file. With most paid webhosting services they just have a default container for sessions but it is affected by load balancing. What a releif.
I think you're missing session_start() on the page that Ajax calls.
You need:
<?php
session_start();
if(isset($_SESSION['views']))
{ echo "Views: " . $_SESSION['views'];}
else
{ echo "Views: NOT SET";}
?>
You need to start session session_start() in the other PHP file also, the one you are calling through AJAX.
I ran into what i thought was the same issue when running PHP 7 on IIS Server 2012 today.
I had added:
if(!isset($_SESSION))
{
session_start();
}
to the start of each AJAX file but kept recieving the following PHP Notice:
PHP Notice: A session had already been started - ignoring session_start()
A bit of searching lead me to this thread which pointed me in the right direction to resolving the issues I encountered. Hopefully the following information will assist others encountering the same issue.
After checking the session.save_path value was set, in my case C:\Windows\Temp, I thought it best to check the folder permissions match those of the user account I was running IIS under.
In my case it turned out that the directory I had nominated for session storage (in php.ini) did not have the same user (security permissions) assigned to it as the one which was running the IIS site.
Interestingly sessions worked fine when not using AJAX requests prior to me adding the new user permissions. However AJAX did not pick up the session until I had corrected the permissions issue. Adding the same user account that IIS is running under immediately resolved this issue.
In the case of using a paid web hosting service the default session save path is automatically set like this:
http://php.net/session.save-path
session.save_path = "/tmp/"
You need to place the static path to your root folder there.
You're trying to use existing session data from your application in an ajax call. To do that, change how you're calling session_start like so:
// With ajax calls
if (session_status()==1) {
session_start();
}
When making ajax calls to php scripts that need existing session data, use session_start after session_status.
http://php.net/session_status
Need to initialize the session before you trying to login through ajax call.
session_start();
Initialize on the top of the page from where you start the login ajax call.
So that the SESSIONID will be created and stored the browser cookie. And sent along with request header during the ajax call, if you do the ajax request to the same domain
For the successive ajax calls browser will use the SESSIONID that created and stored initially in browser cookie, unless we clear the browser cookie or do logout (or set another cookie)
I need to reset session each time the user goes back to index.php, in the index i got
<?php
session_start();
if(isset($_SESSION['prevail'])) session_unset();
?>
where $_SESSION['prevail'] is first session variable that is set on the next page. At the moment when I visit any page it resets session just like it was loading index.php before loading the page (with isn't possible cause I use permanent links to pages and they aren't sharing any header.
It also happens when I put session_destroy() in other files.
On the server the app is in directory public_html/app and in public_html is wordpress installed. App has it's own subdomain though. Any suggestion will be appreciated :)
I need to reset session each time the user goes back to index.php
i will use below code to do so:
index.php
<?php
session_start();
if(!empty($_SESSION['prevail'])) {
unset($_SESSION['prevail']); // only unset that session
}
Try this.. ;)
I made a simple registration page, which after validation, adds a unique identifier to the session id to identify the user and also sets a session variable 'UID' to a custom value. Then the script redirects to a new page.
$_SESSION['UID'] = $id;
session_id($sessID);
echo session_id();
session_write_close();
header("Location: https://localhost/AccountWebsite/landing.php");
exit();
?>
The landing page is supposed to be accessible only by members (i.e. those with a special unique session id set by my script), and that functionality wasn't working. So to check why, at the moment I allow anyone to access the page and their session id is echoed, and so is the 'UID' session variable.
<?php
session_start();
echo session_id()."\n";
echo $_SESSION['UID'];
?>
Now, when I echo the id it isn't the one I set myself. It is the generic PHP one, and the variable doesn't exist. During debugging, I commented out the redirect in the registration script, and instead had it echo the session id that it had just set. The echoed id is correct (obviously since it's echoed in the script it's set in), although when I enter the cookie manager on Firefox, it displays the session id as the generic php one, which means the session is reset when the first script ends and not between sessions.
Make sure session_start(); is called before any sessions are being
called. So a safe bet would be to put it at the beginning of your
page, immediately after the opening php tag before anything else.
Also ensure there are no whitespaces/tabs before the opening php
tag.
After the header redirect, end the current script using exit(); (Others have also suggested session_write_close(); and
session_regenerate_id(true), you can try those as well, but I'd use
exit();)
Make sure cookies are enabled in the browser you are using to test it on.
Ensure register_globals is off, you can check this on the php.ini file and also using phpinfo(). Refer to this as to how to turn it off.
Make sure you didn't delete or empty the session
Make sure the key in your $_SESSION superglobal array is not overwritten anywhere
Make sure you redirect to the same domain. So redirecting from a www.yourdomain.com to yourdomain.com doesn't carry the session
forward.
Make sure your file extension is .php (it happens!)
I have done all of the above from dayuloli's answer on this post
and have been debugging all day. Please help, why does the session not keep the id and variable values I set to it by the end of the script and sccross the whole server?
Additional info: I tried another example folder (on htdocs) where one page sets a variable and the other echoes it, and it worked.
You don't need to set a session_id unless you want multiple sessions. If you do specify a session_id, you need to call session_start() afterwards to start using it and submit the cookie into the client's browser.
Beyond that explanation, you need to use session_start() at the top of any script that requires sessions.
From http://php.net/manual/en/function.session-id.php:
session_id() needs to be called before session_start()
session_id() will always send a new cookie when session_start() is
called
I have a one page website that uses AJAX to load new php files and update the display.
I start my php session on the main page but when I use ajax to update inner html I need those session variables for the new php file being loaded.
This post is similar to this one: PHP Session Variables Not Preserved . But I checked and my php.ini has session.use_cookies = 1
Main Page PHP:
<?php
session_start();
if(isset($_SESSION['views']))
{$_SESSION['views']=$_SESSION['views']+1;}
else
{$_SESSION['views']=1;}
?>
After User Input I use ajax to call a php file and load a subsection of the page:
<?php
if(isset($_SESSION['views']))
{ echo "Views: " . $_SESSION['views'];}
else
{ echo "Views: NOT SET";}
?>
Can someone please tell me what important step I am missing? Thank you.
Update: After adding session_id() call to both the main and sub pages I see that both pages have the same Session_ID. However it still cannot pull the session variable and if i do assign it a value the two same name session variables stay independent of one another.
Answer to the question that this question created: I found that I had to set a static session_save path in my php.ini file. With most paid webhosting services they just have a default container for sessions but it is affected by load balancing. What a releif.
I think you're missing session_start() on the page that Ajax calls.
You need:
<?php
session_start();
if(isset($_SESSION['views']))
{ echo "Views: " . $_SESSION['views'];}
else
{ echo "Views: NOT SET";}
?>
You need to start session session_start() in the other PHP file also, the one you are calling through AJAX.
I ran into what i thought was the same issue when running PHP 7 on IIS Server 2012 today.
I had added:
if(!isset($_SESSION))
{
session_start();
}
to the start of each AJAX file but kept recieving the following PHP Notice:
PHP Notice: A session had already been started - ignoring session_start()
A bit of searching lead me to this thread which pointed me in the right direction to resolving the issues I encountered. Hopefully the following information will assist others encountering the same issue.
After checking the session.save_path value was set, in my case C:\Windows\Temp, I thought it best to check the folder permissions match those of the user account I was running IIS under.
In my case it turned out that the directory I had nominated for session storage (in php.ini) did not have the same user (security permissions) assigned to it as the one which was running the IIS site.
Interestingly sessions worked fine when not using AJAX requests prior to me adding the new user permissions. However AJAX did not pick up the session until I had corrected the permissions issue. Adding the same user account that IIS is running under immediately resolved this issue.
In the case of using a paid web hosting service the default session save path is automatically set like this:
http://php.net/session.save-path
session.save_path = "/tmp/"
You need to place the static path to your root folder there.
You're trying to use existing session data from your application in an ajax call. To do that, change how you're calling session_start like so:
// With ajax calls
if (session_status()==1) {
session_start();
}
When making ajax calls to php scripts that need existing session data, use session_start after session_status.
http://php.net/session_status
Need to initialize the session before you trying to login through ajax call.
session_start();
Initialize on the top of the page from where you start the login ajax call.
So that the SESSIONID will be created and stored the browser cookie. And sent along with request header during the ajax call, if you do the ajax request to the same domain
For the successive ajax calls browser will use the SESSIONID that created and stored initially in browser cookie, unless we clear the browser cookie or do logout (or set another cookie)
I'm developing a site using Wordpress.
My permalink structure is set to show post/page name. So accessing a page called store will look like this: www.mysite.com/store/?some=arguments
In all my WP templates, I'm able to output all my SESSION variables using print_r($_SESSION);
Doing the same from a file called from jQuery.ajax only outputs some of the SESSION varaibles.
I've used the following code to see if the cookie path is same for both files, and they are:
$sessCookie = ini_get('session.cookie_path');
echo 'session.cookie_path: '.$sessCookie;
I also have this code in my files to make sure session is started:
if (!session_id())
session_start();
Why am I not able to output the same session variables from a WP template and a php file called from jQuery.ajax?
UPDATE
jQuery.ajax calls jquery.php file. At the top of this file, it has the following code:
require_once($_SERVER['DOCUMENT_ROOT'].'/wp-blog-header.php');
This code fires functions.php. In this file I have the following code:
function session_manager() {
if (!session_id())
session_start();
// Get variables in query string
$_SESSION['action'] = (isset($_GET['action']) ? $_GET['action'] : '');
$user_geo_data = get_geoip_record();
$_SESSION['user_geo_location'] = get_object_vars($user_geo_data);
}
When functions.php is fired from jquery.php, it seems that session_id() returns false, thus I create a new session.
Is there a way to keep using the same session?
UPDATE 2
It seems that WP config kills all GLOBAL variables when initialized.
http://wordpress.org/support/topic/wp-blog-headerphp-killing-sessions
Wordpress can use its own session handler, and overrides the default session handler to do so. So in essence you've got two different sessions, even though they share the same ID. The cookie path is merely how the client-side cookie operates. What you need to check is session_save_path(), and check if WP is running sessions through the database instead of the default file handler.
The reason two sessions are fired up is because the first one is browser-based (through a cookie) and the second one, with Ajax, is essentially server-side and doesn't have access to the session cookie.
The session cookie is where the session ID is stored and is used to identify an existing session. A server-side Ajax script doesn't have access to the browser's cookies, thus fires up a new session.
It can be worse if the main script uses an alternate session "save handler" than the Ajax script, resulting in two separate sessions, stored in two different places.