1

I am working on a project which require sessions. I have my PHP files on a server and I am coding the front end in Angular, locally at the moment. I am creating a $_SESSION in my php file for when a user logs in. Creating the post request on my local angular project, any $_SESSION property is returned as empty (e.g. $_SESSION['key'] is empty). However, it works fine when testing on Postman, and also works fine when I compile my angular app and put it on the server... So it works on Postman, and on the angular app on the server, but not the angular app locally (with the exact same code). I have added CORS to my PHP files, and can use many other post/get requests locally, just not the session. Is there any particular reason this doesn't work, or a way to get it working locally? As I don't want to compile and upload the project every time to test it out.

Any other information needed, please let me know.

Thank you in advance.

DevStacker
  • 675
  • 10
  • 23
  • Did you do `session_start()` before requesting it? – Timberman Jan 13 '20 at 15:25
  • @Timberman , Yes, `session_start()` is at the top of the page, the only thing(s) above that are the CORS – DevStacker Jan 13 '20 at 15:27
  • Do you have sessions enabled locally? In your XAMPP for example – Timberman Jan 13 '20 at 15:29
  • @Timberman I'm not too sure, how can I check this? Since the PHP is on a live server (and not on a localhost server) I would assume it is already enabled, without having to change anything in a php.ini file? Thanks – DevStacker Jan 13 '20 at 15:31
  • You could simply check by doing session_start(); Then setting a session, and read it immediately after. On else empty file – Timberman Jan 13 '20 at 15:32
  • I believe it is working, I have done the following, immediately after `session_start();` `$_SESSION["favcolor"] = "green";` `echo (' session - ' . $_SESSION["favcolor"]);` And it show's in my response that the color is green – DevStacker Jan 13 '20 at 15:36
  • Are you making your AJAX requests using the `withCredentials` flag? (Resp. whatever the equivalent of that is in Angular.) If not, the cookie containing the session ID will not be send with cross-origin requests. And if PHP does not get a session id, it will simply start a _new_ session, in which of course all those value will not be set at this point.) – 04FS Jan 13 '20 at 15:42
  • @04FS I am not. in my post request I am sending the data (which has been JSON.stringified), and the headers, which is `content type application/json`. Would I add the `withCredientials into the headers? – DevStacker Jan 13 '20 at 15:49
  • No, that is an option that has to be set with the request object itself. https://stackoverflow.com/questions/38615205/angular-2-http-withcredentials – 04FS Jan 13 '20 at 15:51
  • Hi @04FS I have had a look at adding `withCredentials`, with a few additions to CORS on my PHP side, when reloading my local app now, I am getting the following warning: A cookie associated with a cross-site resource at `mysite` was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at... I still cannot retrieve the `$_SESSION` locally Thanks – DevStacker Jan 13 '20 at 16:18

0 Answers0