4

I am on m.example.com and want to get session from www.example.com

php code (session.php):

   <?php

  ini_set('session.cookie_domain', '.jeelplus.com'); 
session_set_cookie_params(0, '/', '.jeelplus.com'); 

header("Access-Control-Allow-Origin: *"); 
header('Access-Control-Allow-Methods: POST, GET');
header('Access-Control-Allow-Headers: Authorization, X-Requested-With, Content-Type, Origin, Accept');
//header('Access-Control-Allow-Credentials: true');

   session_start();  
  print_r($_SESSION);
  echo('11111111111111111');
  exit;
?>

jquery code:

function userIsLoggedIn(){
       var logged_in = null;    

       $.ajaxSetup({cache: false, crossDomain:true, headers: {"X-Requested-With": "XMLHttpRequest"}, xhrFields: { withCredentials: true }})
       $.get("http://www.example.com/session.php", {requested: 'foo'}, function (data) {
            alert(data);
           logged_in = data;    
        });  
}

response:

Array
(
)
11111111111111111

what are the missing steps??

Ayman Hussein
  • 3,817
  • 7
  • 28
  • 48
  • you're not sending the session-cookie via your AJAX request. – Tularis Mar 23 '14 at 15:46
  • how can i do that? @Tularis – Ayman Hussein Mar 23 '14 at 15:48
  • can you provide me full code for that. – Ayman Hussein Mar 23 '14 at 15:49
  • Cookies are sent in the HTTP headers and should be okay to share across subdomains. The best way to check whether the cookies are being sent is by using the inspector (chrome) or firebug (firefox) and look at the request sent by AJAX. You should be able to see the cookie in the request headers. – mic Mar 23 '14 at 15:56
  • what i need simply, read session from server using ajax and i enable cross domain but the session return empty. – Ayman Hussein Mar 23 '14 at 16:00
  • @Tularis: Should one _have_ to send the cookie manually? If the cookie is set and valid for the `www.example.com` domain, I’d expect the browser to send it with the AJAX request automatically … or is that different for cross-domain requests? – CBroe Mar 23 '14 at 16:23
  • Yes, you do need to send cookies in AJAX requests manually. Basically an AJAX request is a bare request, with no headers aside from the absolutely minimum required. Cookies are not automatically passed, but can be passed manually by setting `withCredentials` to true. [This stackoverflow-question](http://stackoverflow.com/questions/2320110/how-do-i-set-a-cookie-header-with-xmlhttprequest-in-javascript) should help with that – Tularis Mar 23 '14 at 18:33

1 Answers1

-2

Session is not managed for subdomains. You have to use cookie.

dipmala
  • 2,003
  • 1
  • 16
  • 17