I'm testing out ZURB Foundation, which runs on webpack 4, Babel 7 and gulp (as task runner). My backend is built with a no-installation, latest XAMPP. I'm running Apache from it and my PHP.
The basis for client/server communication works. I'm using jQuery AJAX to call PHP scripts and push/pull data to/from MariaDB. Now I want some persistence for my login functionality.
I configured my php.ini so that the session files are located inside a /Session folder which resides inside the src/assets folder of my ZURB Foundation project. Here is a (rather large) excerpt from my php.ini. I included a bit more stuff because, as I've learnt here (How to configure session.save_path inside php.ini for webpack4 based website?), this might also be about cookies. And I'm totally new to all this and I've never configured any cookie functionality so far, so I don't know which one of these settings might be important.
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
; http://php.net/session.save-path
;session.save_path = "\xampp\tmp"
session.save_path = "D:\foundationtests\src\assets\Session"
; Whether to use strict session mode.
; Strict session mode does not accept an uninitialized session ID, and
; regenerates the session ID if the browser sends an uninitialized session ID.
; Strict mode protects applications from session fixation via a session adoption
; vulnerability. It is disabled by default for maximum compatibility, but
; enabling it is encouraged.
; https://wiki.php.net/rfc/strict_sessions
session.use_strict_mode = 0
; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies = 1
; http://php.net/session.cookie-secure
;session.cookie_secure =
; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combating
; session hijacking when not specifying and managing your own session id. It is
; not the be-all and end-all of session hijacking defense, but it's a good start.
; http://php.net/session.use-only-cookies
session.use_only_cookies = 1
; Name of the session (used as cookie name).
; http://php.net/session.name
session.name = PHPSESSID
; Initialize session on request startup.
; http://php.net/session.auto-start
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
; The path for which the cookie is valid.
; http://php.net/session.cookie-path
session.cookie_path = /
; The domain for which the cookie is valid.
; http://php.net/session.cookie-domain
session.cookie_domain =
; Whether or not to add the httpOnly flag to the cookie, which makes it
; inaccessible to browser scripting languages such as JavaScript.
; http://php.net/session.cookie-httponly
session.cookie_httponly =
; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
; Current valid values are "Lax" or "Strict"
; https://tools.ietf.org/html/draft-west-first-party-cookies-07
session.cookie_samesite =
; Handler used to serialize data. php is the standard serializer of PHP.
; http://php.net/session.serialize-handler
session.serialize_handler = php
So the current behavior is that session files are created, but not accessed. I have the following phpExample1:
<?php
session_start();
$_SESSION["id"] = 10;
?>
Then I have phpExample2:
<?php
session_start();
$test = $_SESSION["id"];
echo $test;
?>
In this case I get the following error on my console.log() in the receiving JS code:
<br />
<b>Notice</b>: Undefined index: loggedUserID in <b>D:\foundationtests\src\assets\php\globallyUsedFunctions\retrieveLoggedUserID.php</b> on line <b>4</b><br />
There seems to be an issue that the session file containing the user's session data can't be accessed, probably because the session ID was somehow lost/not transmitted. This is also indicated by the fact that phpExample1 actually creates a session file with the respective data, but when I run phpExample2, a new, empty session file is created. This also concurs with the PHP documentation, which says that session_start() either starts a new session or continues an existing one.
I have no idea which parts of my backend/front-end, web project or XAMPP I have to lay my hands on to fix this problem. I'm also somehow lost on how to google this ^^
I already looked into the PHP documentation and I also tried echoing session_id() from my phpExample2 after I had executed phpExample1. But I get an empty string to my console.log(), so basically nothing was found, which again fits into the context of session_start() creating new sessions instead of continuing the existing one.
EDIT: As per request, I post the var_dump() result of $_REQUEST and $_COOKIE here:
array(0) {
}
array(0) {
}
EDIT2: The response headers from the phpExample1 AJAX:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 2
Access-Control-Allow-Origin: *
Set-Cookie: io=27GSwfgTRlPYm5-nAAAU; Path=/; HttpOnly
Date: Mon, 26 Aug 2019 09:57:40 GMT
Connection: keep-alive
Okay I think I got the wrong one, THIS one should be right!
HTTP/1.1 200 OK
Date: Mon, 26 Aug 2019 10:09:19 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.8
X-Powered-By: PHP/7.3.8
Set-Cookie: PHPSESSID=aaghn2jdh4hgfhlsagoep5lqvr; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
EDIT3: The AJAX headers to phpExample1 look like this:
responseHeader:
HTTP/1.1 200 OK
Date: Mon, 26 Aug 2019 10:38:07 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.8
X-Powered-By: PHP/7.3.8
Set-Cookie: PHPSESSID=bu2ggojkrkpqen33kh6r63pd36; path=/; domain=localhost:8099
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
requestHeader:
Host: localhost:8099
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 115
Origin: http://localhost:8000
Connection: keep-alive
Referer: http://localhost:8000/login.html
Then, the headers for phpExample2 (the PHP script where the session should be continued and the data written to $_SESSION should be accessed) after phpExample1 had been executed:
responseHeader:
HTTP/1.1 200 OK
Date: Mon, 26 Aug 2019 10:38:09 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.8
X-Powered-By: PHP/7.3.8
Set-Cookie: PHPSESSID=3isk6nf8fi2k3n4mfcfmtkv62d; path=/; domain=localhost:8099
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Length: 367
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
requestHeader:
Host: localhost:8099
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://localhost:8000
Connection: keep-alive
Referer: http://localhost:8000/login.html
Content-Length: 0
Note that for these requests, I had set session.cookie_domain = localhost:8099 inside my php.ini. I also tried out :8000 for this, but it didn't change anything except, of course, for the headers showing a different port.
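The headers above show a cross-origin setup: the page is served from http://localhost:8000 and the PHP scripts from http://localhost:8099, the response carries Access-Control-Allow-Origin: *, and the request headers carry no Cookie at all. A browser neither stores nor sends cookies on a cross-origin XHR unless the client asks for credentials, and once it does, the server must name the origin explicitly (a wildcard is refused) and add Access-Control-Allow-Credentials. The Domain attribute also cannot contain a port, so a cookie with domain=localhost:8099 is dropped. The following is an added example, not the asker's code and not part of ZURB Foundation or XAMPP: a prologue a PHP endpoint on port 8099 could run before session_start(). The ALLOWED_ORIGINS list and the port numbers are assumptions taken from the question; the matching client call (withCredentials / credentials: 'include') is shown in the comments.

```php
<?php
// Added example (not the asker's code): CORS and session-cookie prologue for a
// PHP endpoint at http://localhost:8099 that is called from http://localhost:8000.
// Assumes the client enables credentials, e.g.
//   $.ajax({ url: 'http://localhost:8099/phpExample2.php',
//            xhrFields: { withCredentials: true } });
// or fetch(url, { credentials: 'include' }). Without that flag the browser
// neither stores nor sends the PHPSESSID cookie on a cross-origin request.

declare(strict_types=1);

// Explicit allowlist of front-end origins (assumed values). Browsers reject
// "Access-Control-Allow-Origin: *" whenever credentials are involved, so each
// permitted origin has to be listed and echoed back individually.
const ALLOWED_ORIGINS = [
    'http://localhost:8000',
];

function sendCorsHeaders(array $allowedOrigins): bool
{
    $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
    if (!in_array($origin, $allowedOrigins, true)) {
        // Unknown origin: emit no CORS headers, so the browser blocks the response.
        return false;
    }
    header('Access-Control-Allow-Origin: ' . $origin);  // the matched origin, never "*"
    header('Access-Control-Allow-Credentials: true');   // needed for cookies to be stored and sent
    header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
    header('Access-Control-Allow-Headers: Content-Type');
    header('Vary: Origin');                             // keep caches from mixing per-origin responses
    return true;
}

$allowed = sendCorsHeaders(ALLOWED_ORIGINS);

// Preflight requests get answered here and never reach the session or business logic.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'OPTIONS') {
    http_response_code($allowed ? 204 : 403);
    exit;
}
if (!$allowed) {
    http_response_code(403);
    exit('origin not allowed');
}

// Session cookie attributes set in code, so they do not depend on php.ini edits.
// The Domain attribute must not carry a port: "localhost:8099" is invalid and the
// browser discards such a cookie. An empty domain yields a host-only cookie bound
// to the exact host that set it, which is what a single backend host wants.
session_set_cookie_params([
    'lifetime' => 0,                          // session cookie, removed when the browser closes
    'path'     => '/',
    'domain'   => '',                         // host-only, no port
    'secure'   => !empty($_SERVER['HTTPS']),  // becomes true once the backend is served over HTTPS
    'httponly' => true,                       // not readable from JavaScript
    'samesite' => 'Lax',                      // localhost:8000 and :8099 are the same site, so Lax is still sent
]);
ini_set('session.use_strict_mode', '1');      // refuse session IDs the server never issued
session_start();

// From here on $_SESSION is shared between phpExample1 and phpExample2 as long as
// both scripts include this prologue and the client sends credentials.
```

After wiring this in, the request headers of the second call should contain a Cookie: PHPSESSID=... line and the response should no longer carry a fresh Set-Cookie; if the Cookie header is still missing, the client-side credentials flag is the first thing to check. The allowlist plus echo pattern is what makes credentialed CORS safe: any origin not on the list gets no Access-Control-Allow-Origin at all, rather than a reflected value.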