How to configure session.save_path inside php.ini for webpack4 based website?

Question

I already received very helpful information on my overall problem here: session_start() causes error: No such file or directory (fresh, portable XAMPP)

I need the session variables for my login functionality, and Ive already found my php.ini and configured the path to session.save_path = "D:\foundationtests\src\assets\Session"

It is thereby also located outside my servers DocumentRoot.

So far, the behavior of my website hasn't changed much, and I've already rebuilt the project via foundation watch (using ZURB foundation 6.4 Framework based on webpack4, Babel7 and Gulp) and the Session folder appears in the dist folder.

In the php file where I set the Session Variable, it seems to be accessible since I can echo it, I'll give you a simplified piece of code:

  session_start();

  $_SESSION["loggedUserID"] = 9;

  echo $_SESSION["loggedUserID"];

However, after executing this script, when I want to access the Session variable from another script, it seems the data was lost:

session_start();

echo $_SESSION["loggedUserID"];

I get the following errormsg in my browser console.

<br />
<b>Notice</b>:  Undefined index: loggedUserID in <b>D:\foundationtests\src\assets\php\globallyUsedFunctions\retrieveLoggedUserID.php</b> on line <b>4</b><br />

Also, I cant find any files created by php inside the Session Folder.

However, for example I'm not sure if I'm configuring the path correctly. After all, it is the dist folder from which the built project is executed.

But since Im pretty new to both modular website projects and the configuration of a php/apache server, I have no idea what might be the cause of this...^^

I'm running my server from XAMPP, on a windows 10 machine without admin privileges. However, at least I as a user can create new files and stuff on the D partition both my server and my project are located at.

EDIT:

After restarting my webserver, Session files were created inside my Session Folder. However, when I set $_SESSION["indexname"] on phpFile1, then click a button which calls phpFile2 which first does session_start(); and then tries to access the value inside $_SESSION["indexname"] I get back the error from above. The session file created by phpFile1 is still there and it also contains data, but then theres another session file created by phpFile2 and this one is empty and so my first guess would be that the server accesses this second, empty file and there of course finds nothing. But what can I do to change this.

When I call phpinfo() from the php files and echo it to my front-end where I try to console.log() it, I get the following response:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; color: #222; font-family: sans-serif;}
pre {margin: 0; font-family: monospace;}
a:link {color: #009; text-decoration: none; background-color: #fff;}
a:hover {text-decoration: underline;}
table {border-collapse: collapse; border: 0; width: 934px; box-shadow: 1px 2px 3px #ccc;}
.center {text-align: center;}
.center table {margin: 1em auto; text-align: left;}
.center th {text-align: center !important;}
td, th {border: 1px solid #666; font-size: 75%; vertical-align: baseline; padding: 4px 5px;}
h1 {font-size: 150%;}
h2 {font-size: 125%;}
.p {text-align: left;}
.e {background-color: #ccf; width: 300px; font-weight: bold;}
.h {background-color: #99c; font-weight: bold;}
.v {background-color: #ddd; max-width: 300px; overflow-x: auto; word-wrap: break-word;}
.v i {color: #999;}
img {float: right; bo…

I dont know why I get this, it seems wrong to me because it has little to do with php, but I also dont know how to change this.

EDIT: The var_dump() of session_get_cookie_params() as per request of misorude.

array(6) {
  ["lifetime"]=>
  int(3600)
  ["path"]=>
  string(1) "/"
  ["domain"]=>
  string(14) "localhost:8000"
  ["secure"]=>
  bool(false)
  ["httponly"]=>
  bool(false)
  ["samesite"]=>
  string(0) ""
}

Answer 1

So I finally made it, here's what I had to do overall! I worked in the latest, no-install XAMPP and on ZURB Foundation 6.4 ZURB template project.

To establish a session across domains via AJAX, one has to make the following configurations:

Set your headers through the called php skripts, like so:

Header("Access-Control-Max-Age: 360");
Header("Access-Control-Allow-Credentials: true");
Header("Access-Control-Allow-Methods: *");
Header("Access-Control-Allow-Headers: Origin");
Header("Access-Control-Expose-Headers: Access-Control-Allow-Origin");
Header("Access-Control-Allow-Origin: "http://localhost:PORT FROM WHICH AJAX CALL IS  PERFORMED");

You can also do this inside your httpd.conf in your directory section, like so:

Header set Access-Control-Allow-Origin "http://localhost:8000"

and so on...

Then, you need to go into your php.ini and configure the following for your session: session.save_path = "D:\Path\To\src\Session"

Then, assuming you left everything else in default setting, you need to configure the following cookie parameters like so:

session.cookie_lifetime = 3600
session.cookie_domain = localhost 

(if your working with localhost domain)

Then, if youre using AJAX, you have to manually set the object doing the invokation to submit credentials, otherwise browsers dont send cookies across domains, like so:

   $.ajax({
      type:"POST",
      url: 'http://localhost:8099/test3.php',
      xhrFields: {
     withCredentials: true
     }
  }).then((response) => {
    console.log(response)
  })
}

The xhrFields - withCredentials is the very important part here! If its not set to true, no cookie will be transmitted across domains.