Why can't I access session variables from my AJAX-called PHP script?

Question

I have one PHP script with a session variable, set like so:

$_SESSION['VAR1'] = "test"

Now, I am using AJAX via a jQuery-initiated POST request, and so I have a script named ajax.php which has all the required functions.

And when I try access my session variable (echo $_SESSION['VAR1']) in ajax.php, it produces nothing.

Does session does not work from AJAX requests?

Answer 1

In jQuery or JavaScript, you can get the session value like this:

var StepIndexval = '<%= Session["StepIndex"].ToString() %>';

alert(StepIndexval);

Answer 2

My own error was BOM character in my ajax file.I was need to use session variable in a ajax called php file.I tried to start session by session_start() but "cannot modify header information" occurs.I removed BOM character and code works very well.

Answer 3

An addendum to what Salman A wrote:

If you set a session variable in an https:// file and try to access it with a http:// file you will not be able to...

https://www.example.com/index.php - call session_start() and set session variable
http://ww.example.com/index_tmp.php - unable to access session variable

and vice versa...

http://www.example.com/index.php - call session_start() and set session variable
https://ww.example.com/index_tmp.php - unable to access session variable

Rather:

https://www.example.com/index.php - call session_start() and set session variable
https://ww.example.com/index_tmp.php - Able to access session variable

And:

http://www.example.com/index.php - call session_start() and set session variable
http://ww.example.com/index_tmp.php - Able to access session variable

Answer 4

I also caught myself on having one little, tiny, hard to see, space just before "< ? php " This ended up sending information back and disallowing the session to start because header information was already sent. May not be the case for anyone else, but it tripped me up and brought me to this page in search of an answer.

Answer 5

Make sure no content has been echoed (not even a whitespace) before calling session_start().
To be safe, put the code as the first code of whatever template you used for the page. The function will not work if content has been sent to the browser.
To test and see where the problem is, call the page as a stand-alone, instead of through AJAX and ensure that it works before AJAXing it.

Answer 6

Make sure that the domain names for both pages (i.e. the AJAX container and the AJAX script are same). Here is an example:

http://mydomain.com/login.php           (set session variables here)
http://mydomain.com/ajax-container.php  (session variables are visible here)
http://mydomain.com/ajax-script.php     (session variables are visible here)
http://www.mydomain.com/ajax-script.php (session variables are NOT visible here)

Another one:

http://www.mydomain.com/login.php          (set session variables here)
http://www.mydomain.com/ajax-container.php (session variables are visible here)
http://www.mydomain.com/ajax-script.php    (session variables are visible here)
http://mydomain.com/ajax-script.php        (session variables are NOT visible here)

Answer 7

You need do this on every page that accesses the session before you access it:

session_start();

That means on both the page that sets the session variable and the AJAX page that tries to retrieve it. Both need to call session_start().

As long as the AJAX request calls a script in the same domain (and thus gets access to the session cookie) there is no reason why it couldn't get access to the session variables. An AJAX request after all is just another HTTP request.