I have an API implemented in PHP for login authentication:

http://somerestsertver.net/sampleapi/auth-login this sets the login session id (e.g. after verifying user credentials)

http://somerestsertver.net/sampleapi/auth-check this checks whether the login is valid (whether the session id is set or not)

http://somerestsertver.net/sampleapi/auth-logout and this destroys the session and needed logout ...

I set the login with $_SESSION["id"]=1 in the auth-login code; then auth-check would be OK, otherwise auth-check would contain errors.

It is OK when I call these URLs in a browser or a ReST client, but using them in my AngularJS code returns errors for http://somerestsertver.net/sampleapi/auth-check!

It seems the session that was set is not available via PHPSESSID in the client, and it is not working properly. Is it related to the sandbox, CORS, or HTML header requests?

Ebrahim

1 Answer

Hi, I finally solved the problem this way:

Client side, in AngularJS, I put this in my route-config so that it applies to all requests to the ReST API:

$httpProvider.defaults.withCredentials = true;

I think I should mainly have used this in .htaccess for the web server:

Header add Access-Control-Allow-Credentials "true"

But for your attention, I finally updated the whole .htaccess file to the following:

Header add Access-Control-Allow-Origin "http://localhost:3000"
Header add Access-Control-Allow-Credentials "true"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "GET, POST"
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
<FilesMatch "\.php$">
Order Allow,Deny
Deny from all
</FilesMatch>
<FilesMatch "index[0-9]?\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>

Also, I use the following for the JSON response in PHP:

$response = "desired JSON response OBJECT";
$status_message = 'OK or unauthenticated or ...'; // reason phrase of the status line
$status = '200 or 403 or ...';                     // numeric HTTP status code
header("Content-Type: application/json");
header("HTTP/1.1 $status $status_message");
echo json_encode($response);
exit();

Hope this question and answer help you.

Ebrahim
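
The behaviour behind this fix, as an added example that is not part of the original answer: a simplified model of the browser's CORS check for a credentialed AngularJS request, paired with a server-side origin allowlist. The function names, the allowlist and the sample headers are assumptions made for illustration.

```javascript
// Added example (not from the original post). Origins and headers below are
// constructed sample values.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]);

// Server side: emit CORS headers only for allowlisted origins (assumed policy).
// Reflecting any Origin together with Allow-Credentials would let every site
// read authenticated responses.
function corsHeadersFor(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {};
  return {
    "access-control-allow-origin": requestOrigin,
    "access-control-allow-credentials": "true",
    "vary": "Origin", // keep caches from reusing the response across origins
  };
}

// Browser side: the CORS check from the Fetch standard, reduced to the two
// headers involved here. Returns true if the script may read the response.
function browserExposesResponse(pageOrigin, withCredentials, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;
  // "*" is honoured only for requests made without credentials.
  if (!withCredentials && allowOrigin === "*") return true;
  if (allowOrigin !== pageOrigin) return false;
  if (!withCredentials) return true;
  // Credentialed requests need an explicit, case-sensitive opt-in.
  return headers["access-control-allow-credentials"] === "true";
}

// Outcome of a cross-origin call to auth-check from the AngularJS page.
// Not modelled: cookie attributes such as SameSite, which browsers also apply.
function authCheckOutcome(pageOrigin, withCredentials, headers) {
  const readable = browserExposesResponse(pageOrigin, withCredentials, headers);
  // Without withCredentials the XHR carries no PHPSESSID, so PHP sees no session.
  const sessionSeen = withCredentials;
  return { sessionSeen, readable, works: sessionSeen && readable };
}

const page = "http://localhost:3000";
console.log(authCheckOutcome(page, false, { "access-control-allow-origin": "*" }));
console.log(authCheckOutcome(page, true, { "access-control-allow-origin": "*" }));
console.log(authCheckOutcome(page, true, corsHeadersFor(page)));
```

Only the last call succeeds: the cookie is sent and the response is readable because the server names the exact origin and opts in to credentials.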