Reputation: 749
A customer of ours is currently experiencing trouble. Our system uses AJAX requests for all communication with the server after logging in. Wherever $_SESSION is being used, session_start(); is on top of the script - which is contained in a try...catch, because of a custom error handler which throws an exception on error. Thus, the pseudo-code looks like this:
    // set_error_handler here
    try {
        session_start();
        // do something with $_SESSION
        // (...)
    } catch (Exception $e) {
        // handle error
    }
Now, the problem: our customer seems to lose the session at random, by which I mean that, for example, $_SESSION['id'] will throw an "unknown index" error. This is the case in both Internet Explorer and Chrome. We have tested this system among various systems for several months and can confirm that we have not had this error before.
We do not use suhosin. There is also activity within the time before the session expires. Does anyone have any ideas as to what the solution may be?
Edit: I eventually conducted a test to see if $_COOKIE['PHPSESSID'] was set. isset($_COOKIE['PHPSESSID']) returned false. This means the client is probably being bothered by some form of malware, considering it happens on both browsers. I would like to thank everyone who did try and help out; certain options were ones we had not thought of.
Upvotes: 2
Views: 6836
Reputation: 1462
This might be a rare case, but if anyone has made the same mistake I did, they might benefit.
I had the same problem: the PHP session was lost. I am not using jQuery AJAX but simple XMLHttp AJAX, but I think this doesn't matter; in the background the same steps take place.
I fixed this problem after I stopped using an IP address for my AJAX requests, so from this: http://1.2.3.4/index.php?somekey=somevalue
I went to this: http://www.example.com/index.php?somekey=somevalue
Upvotes: 1
Reputation: 7279
Case 1
Are you validating the HTTP user agent?
If so, that could be an issue, as IE will use different user agents when it runs in compatible mode and normal mode.
Case 2
Do you have clustered application servers? If so, it might be the case that the session file is stored on one server and the next request goes to another server.
Case 3
Maybe an application-level bug, where the session is unset based on a condition or a user or something.
Case 4
If you have an iframe, it's also possible that because you're setting the cookies in an iframe, the browsers may view it as a third-party cookie and reject it unless explicitly set out in the browser preferences to
In that case you would need a P3P header on the pages from which you're trying to set the cookies.
I suggest you set some dummy cookie and see whether it is coming back. Also set the session cookie as httpcookie so that it cannot be accessed from JavaScript (assuming some script is malforming the cookie).
Upvotes: 1
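The dummy-cookie check suggested in the last answer, combined with the asker's isset($_COOKIE['PHPSESSID']) test, written out as an added example (not code from any of the posters). The cookie name cookie_probe and the functions diagnose_session_cookie() and log_safe() are hypothetical; the setcookie() options array assumes PHP 7.3 or later.

```php
<?php
// Added diagnostic sketch (PHP 7.3+ for the setcookie() options array).
// cookie_probe, diagnose_session_cookie() and log_safe() are hypothetical names.

// Mark the session cookie HttpOnly so page scripts cannot read or overwrite it.
ini_set('session.cookie_httponly', '1');
ini_set('session.use_only_cookies', '1');
// Classify the request by which cookies the browser actually sent back.
function diagnose_session_cookie(array $cookies, string $sessionName): string
{
    $hasProbe   = isset($cookies['cookie_probe']);
    $hasSession = isset($cookies[$sessionName]);
    if ($hasSession && $hasProbe) {
        return 'ok';
    }
    if ($hasSession) {
        return 'probe-not-set-yet';        // e.g. first request after deploying the probe
    }
    if ($hasProbe) {
        return 'only-session-cookie-lost'; // something drops or rewrites just that cookie
    }
    return 'no-cookies-returned';          // first visit, cookies blocked, iframe, other host
}

// Replace non-printable bytes so header values cannot forge log lines.
function log_safe(string $value): string
{
    return preg_replace('/[^\x20-\x7E]/', '?', $value);
}

$verdict = diagnose_session_cookie($_COOKIE, session_name());

// (Re)issue the probe with the same scope as the session cookie, so both are
// subject to the same browser rules. setcookie() must run before any output.
$p = session_get_cookie_params();
setcookie('cookie_probe', '1', [
    'path'     => $p['path'],
    'domain'   => $p['domain'],
    'secure'   => $p['secure'],
    'httponly' => true,
]);

session_start();

if ($verdict !== 'ok') {
    error_log(sprintf('session-diag verdict=%s host=%s ua=%s', $verdict,
        log_safe($_SERVER['HTTP_HOST'] ?? '-'),
        log_safe($_SERVER['HTTP_USER_AGENT'] ?? '-')));
}
```

Logging the Host header alongside the verdict also surfaces the IP-address-versus-hostname mismatch described in the first answer, since cookies set for one host are not sent to the other.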