$_SESSION variable empty when accessing from AJAX on different port

Question

I have created a site which has a PHP side to it this runs on port 80 (index.php), when I login it sets the session variable with the userid.

I then click a link which takes me to port 8080, this is a JavaScript file which carries out node.js processes (live.html).

From this node.js client file (live.html) I request the userid from a file called getUserSession.php which echos out the userId from the session.

When I run the AJAX request (live.html), it returns that the session userid is empty however if I manually insert the URL to the web browser it echos the user session (http://localhost:8080/getUserSession.php).

I have dumped the array into the response and it tells me that the $_SESSION variable is empty.

I also attempted to returned a plain text string test - this returns with no problem, so it seems to be an issue with accessing the session variable from a different port, and not the actual AJAX call itself.

UPDATE: This is how I eventually resolved the problem.

I added this to the index.html file:

$.getJSON("`http://localhost:80/getUserSession.php?callback=?`", { username: "lazy"}, function(json){
      username = json.message;
    });

And added the following to the php file:

<?php
session_start();//start the session
$user2 = (string)$_SESSION['username'];
$callback = $_GET["callback"];
$user = $_GET["username"];

if($user == "lazy") {
  $response = array("message" => $user2);
} else {
  $response = array("message" => $user2);
}

echo $callback . "(". json_encode($response) . ");";

Still needs tidied up but it works. Thanks for the help

This question is NOT a duplicate of either of those questions. CORS is not the issue here, he's receiving a response with an empty userid. — Kevin B, Mar 12 '14 at 18:26
Correct Kevin, I have updated the original post with a workaround. Its not very tidy but it works for now.Shane — Shane_S, Mar 12 '14 at 18:49
After reviewing the two questions, I agree that this is not a duplicate. — JasonMArcher, Mar 17 '14 at 18:26

score 2 · Accepted Answer · answered Mar 12 '14 at 17:56

When you make the request to php from the browser, a session is created linked to the browser. When you make the request to php using node.js, a new session is created between php and that node.js request because node.js is not the same client as the web browser.

One workaround would be to pass the session token information to node.js so that node.js can request the php file as the same client, however i'm not sure if that's something you can do with php out-of-the-box. With coldfusion it's as simple as passing the cftoken and cfid if you're using the default settings for session management.

Ref for further reading: http://www.php.net/manual/en/session.idpassing.php — Kevin B, Mar 12 '14 at 18:13

$_SESSION variable empty when accessing from AJAX on different port

1 Answers1