
I need to set a PHP session using jQuery AJAX.
In the code below everything works, but it seems the session is not created.
What is wrong, please?

music.php

```php
session_start();
if(isset($_SESSION['ad'])){echo $_SESSION['ad'];}  // nothing is echoed

include('music_pro.php');
```

music.js

```javascript
var str = 'lorem';
$.post('music_pro.php', {fn: 'admin_prompt', args: [str]}, function(data){
    console.log(data);  // ok
    if(data == 'ok'){location.href = location.href;}
});
```

music_pro.php

```php
if(isset($_POST['fn'], $_POST['args'])){
    $fn = $_POST['fn']; $args = $_POST['args'];
    $fn(...$args);
}

function admin_prompt($str){
    if($str == 'lorem'){
        $_SESSION['ad'] = 1;  // seems this line doesn't work
        echo 'ok';
    }
}
```
provance
  • You must put `session_start();` at the beginning of music_pro.php, in order to access Session variables in that script. https://www.php.net/manual/en/function.session-start.php – ADyson Dec 16 '22 at 11:09
  • @ADyson - I tried, but I'm getting a warning - session is already started, because `music_pro` is included in `music.php` after the session is started – provance Dec 16 '22 at 11:10
  • P.S. Allowing the client-side code to specify any arbitrary PHP function to be executed is a _huge_ security hole. You **must** apply some whitelisting if you're going to do that. – ADyson Dec 16 '22 at 11:10
  • `because is music_pro is included in music.php`...why would you do that? music_pro's job is to deal with the AJAX request, from what we can see here. It should not need to be part of music.php - I assume you don't really need its code when music.php is running? If you do need to share the functions, then put the admin_prompt() function in a 3rd file, and `require` that from both `music.php` and `music_pro.php`. – ADyson Dec 16 '22 at 11:11
  • You don't CREATE `$_SESSION['ad']` until you get to `music_pro`, but you include `music_pro` AFTER you test for its existence in `music` – RiggsFolly Dec 16 '22 at 11:11
  • @RiggsFolly - does it mean that I cannot access `music_pro` via ajax - if it is included in a page ? – provance Dec 16 '22 at 11:16
  • **No** Stop, take a breath, look at the code, bench test it! `music_pro` is code to process the AJAX request, why are you including it in `music`? Note, you have an echo in both scripts, so the response to the AJAX call (back in the JavaScript) will be both those echoes. Is that what you want? Again, stop and think what you are trying to achieve rather than rushing around trying to fix an issue that probably does not need to exist – RiggsFolly Dec 16 '22 at 11:22
  • @RiggsFolly yes, but you won't get both echos as the response to the AJAX, because the AJAX only calls music_pro, which only has one echo :-) – ADyson Dec 16 '22 at 11:26
  • `does it mean that I cannot access music_pro via ajax - if it is included in a page`...no, no-one said that. Re-read the comments, and then have a good think about your program logic. The first, and main point is: It's unclear why you think music_pro.php needs to be included into music.php. – ADyson Dec 16 '22 at 11:27
  • @ADyson - if including `music_pro` inside `music.php` - is not a problem - I still can't understand why the session is not created, but I believe you're right. Thanks a lot, I will try to understand – provance Dec 16 '22 at 11:31
  • `I still can't understand why the session is not create`...the session is _created_, but in music_pro.php, when it's called directly by itself from AJAX, you don't have anything to _access_ the session. Don't be fooled by the name `session_start()` - it doesn't just create a session, but also enables access to an existing session, if there is one. The PHP session_start documentation explains this already, which is why I gave you a link to read it earlier. You can't access any Session variables in a PHP script unless you call session_start(); first. – ADyson Dec 16 '22 at 11:33
  • And of course, if you run music.php _before_ you have made any POST requests to music_pro.php, then `if(isset($_SESSION['ad'])){echo $_SESSION['ad'];}` will not echo anything, because the "ad" Session value doesn't exist yet. You will need to make at least one POST request to music_pro.php with the correct arguments set, so that the `$_SESSION['ad'] = 1;` line is executed, before that Session value will exist. – ADyson Dec 16 '22 at 11:37
  • @ADyson - Oh, I see now, thanks a lot for your efforts. Session is created but outside of `music.php` - and that's the essence. – provance Dec 16 '22 at 11:43
  • Yes I think you've understood it. Make sure you distinguish between "creating the Session" and "creating a value inside the Session", though :-) – ADyson Dec 16 '22 at 11:45
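
One way to write music_pro.php along the lines of the comments above: it calls `session_start()` itself and only dispatches to functions on an allow-list. This is an added example, not code from the question or from the commenters; the `ALLOWED_FN` table, the `dispatch()` helper and the `denied` / `bad request` responses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// music_pro.php as a standalone AJAX endpoint (illustrative sketch).

// Resume the visitor's session so $_SESSION is readable and writable here.
// The status check avoids the "session already started" notice if another
// script that has already called session_start() includes this file.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

function admin_prompt(string $str): string
{
    if ($str === 'lorem') {      // same check as the question's code
        $_SESSION['ad'] = 1;     // persisted for later requests, e.g. music.php
        return 'ok';
    }
    return 'denied';             // hypothetical response, not in the question
}

// Allow-list (hypothetical name): request value => [function, argument count].
const ALLOWED_FN = ['admin_prompt' => ['admin_prompt', 1]];

function dispatch(array $post): string
{
    $fn   = $post['fn']   ?? null;
    $args = $post['args'] ?? null;
    if (!is_string($fn) || !is_array($args) || !array_key_exists($fn, ALLOWED_FN)) {
        return 'bad request';
    }
    [$callable, $argc] = ALLOWED_FN[$fn];
    $args = array_values($args); // drop client-chosen keys (no named arguments)
    if (count($args) !== $argc || array_filter($args, 'is_string') !== $args) {
        return 'bad request';
    }
    return $callable(...$args);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests so the file can be run offline with `php`.
    echo dispatch(['fn' => 'admin_prompt', 'args' => ['lorem']]), "\n";
    echo dispatch(['fn' => 'phpinfo', 'args' => []]), "\n";       // built-in, not on the list
    echo dispatch(['fn' => 'admin_prompt', 'args' => ['x', 'y']]), "\n";
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    echo dispatch($_POST);
}
```

With this layout music.php keeps its own `session_start()` and `isset($_SESSION['ad'])` check and no longer needs to include music_pro.php.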
