Something rewriting session ID's in Zend

Question

I was trying to use jQuery.address plugin, to create some deep linking. But as soon as I started .change() function and launched a javascript, my backend PHP application would log me out.

I deduced, that this must be because every ajax request I launch seems to be regenerating the session_id.

If I try to echo the session id from preDispatch the sessionId is the same as from the window that launched the request.

If I try to echo it from postDispatch it has already changed to something else, and when I refresh the main window, the main windows sessionId has changed too.

What could be setting it?

EDIT 26-06-2011 12:00

I have found the code that seems to break my application.

After I have reloaded the page with the hash (#), I use a function inside $.address.change() function to find out which state to load. Since I have only gotten to work with one of the 3 panels I have in my app, it just checks one parameter like this:

urlVar=this.path();
resArray = urlVar.split('/');
urlVariable = resArray.shift();
if (typeof urlVariable != "undefined") {
   f.selectFromLeftPanel(urlVariable);
}

And in the selectFromLeftPanel() goes something like this:

if (typeof context == "object") {
            var itemId = $(context).attr('id');
            $("#" + itemId).addClass('loading');
            Frontpage.closePanes();
            $.address.value(itemId);
        } else if (typeof context == "string") {
            itemId = context;
        }

        switch (itemId) {
        case 'zebra_left_window_forms':
            c.log($(this));
            Frontpage.resetPane(Frontpage.firstPane);
            Frontpage.getPaneContent(Frontpage.startCategory,
                    Frontpage.firstPane, 'category', function() {

                        f.showPane(Frontpage.firstPane, itemId);

                    });
            f.setSelected(context, f.zeroPane);
            break;
             }

The pane's are just columns I am using to hide/show different areas with content. the getPaneContent() function is where the ajax call is made, like this:

$.get(Frontpage.BASEURL + data + "/rand/" + rand + "/value/"
                    + value + "/time/" + Math.random(), function(result) {
                Frontpage.resetPane(pane);
                var $newrow = $(into).find('div:first');
                // c.log($newrow);

                $($newrow).after(result);
                var retValue = $('#returnData', pane).html();
                c.log(retValue);
                $('#returnData', pane).remove();
                $('#zebra_content_pane_back_button').attr('href', retValue);
                $('#zebra_content_pane_back_button').attr('rel', retValue);
                Frontpage.hideBackButton();
                if (callbackFn) {
                    if (typeof callbackFn == 'function') {
                        callbackFn.call(this);

                    }

                }
                delete result;
            });

Ok, now more in detail about the problem itself:

What happens is, that while making the ajax request, the session data is somehow lost. Since the app user MUST be logged into the system to do anything, the login screen is shown after the getPaneContent() function has been called, therefore after the ajax call has been made. I tested this with a section of my page, that I made not to ask for the session, and I saw, that the session was empty. Since I don't clean the data out, and the timeout for the session has not happened yet, it must be, that the session id is somehow changed while doing the Ajax request, and thus the new session ID does not have any data associated with it.

Now, the problem - If I don't use the jQuery.address plugin, the logouts don't happen . The ajax works just fine, but each ajax response has a Set-Cookie header set, that changes the main screens Session ID. I do think, that this could somehow be involved in the problem. How do I avoid the logouts?

Also, the logouts only happen, if I call the f.selectFromLeftPanel() from the $.address.change() function. If I ommit this call, the ajax works, the session ID still changes, but no logouts.

Answer 1

It seems, that I have found the solution.

During the ajax request, I was calling a class that extended Zend_Auth, which I used to determine the user. Well, in the init() function of this extending class, I was calling Zend_Session::rememberMe(60 * 60 * 24 * 7) , because I thought that what this does is extend the life span of my session, while in reality, it generates a new session that receives this new lifespan.

Although I have solved this problem, it makes me wonder, why it wasn't failing before, and why it started failing now.