跨域ajax和php会话
我对此感到困惑......我正在做一种远程小部件类型的设置,我们将控制这两个域,因此安全性不是问题。我使用 jsonp 来允许跨域 ajax 请求。
访问的站点是domain1.com,其中包括:
<script src="domain2.com/file.js"></script>
file.js 使用 jQuery 发出 ajax 请求:
$.ajax({
url: 'http://domain2.com/getdata',
dataType: 'jsonp',
success: function(response) {
div.html( response );
}
});
它以向导的方式完成其中几个步骤,从远程服务器重新加载带有 html 的 div。
我遇到的问题是,在每个 ajax 请求中,我都会得到一个新的 php 会话 ID,而我的会话数据就会消失。 PHP 的一切都很好,如果我从同一个域运行相同的脚本(仍然使用 jsonp),一切都会正常。然而,从远程域执行此操作,会话不会持续存在。我不知道为什么会这样,php 端正在设置并从它自己的域请求 cookie。我不需要从 JS 访问 cookie。 cookie 正在被写入并保存在服务器上。但是当我检查浏览器中存储的cookie时,每个请求的会话ID都发生了变化。
有什么想法吗?
I'm baffled by this one... I'm doing a remote widgety type of setup, we'll control both domains so security is not a concern. I'm using jsonp to allow cross domain ajax requests.
The visited site is domain1.com, which inclues:
<script src="domain2.com/file.js"></script>
file.js uses jQuery to make ajax requests:
$.ajax({
url: 'http://domain2.com/getdata',
dataType: 'jsonp',
success: function(response) {
div.html( response );
}
});
It goes through several of these steps in somewhat of a wizard, reloading the div with html from the remote server.
The problem I'm running into is that on each ajax request, I get a new php session id and my session data goes away. The PHP end of things is fine, if I run the same script from the same domain (still using jsonp), everything works fine. Doing it from a remote domain, however, and the session does not stick around. I have no idea why this is, the php end is setting and requesting a cookie from it's own domain. I do not need to access the cookie from JS. The cookie is being written and saved on the server. But each request when I check the stored cookies in the browser, the session id has changed.
Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
嗯,我创建了一个非常简单的测试用例,并且运行得很好。
实际的应用程序正在使用 cakephp 及其会话。我尝试改用 $_SESSION 代替,但没有成功。我尝试将 session_start() 添加到控制器,但没有成功。最后我在配置中禁用了 cakephp 会话,现在它工作得很好。
我不知道为什么它不起作用,但似乎是 cakephp 的一个小故障。
Well I created a very simple test case and it worked just fine.
The actual App is using cakephp and their sessions. I tried switching to just using $_SESSION instead, didn't work. I tried adding session_start() to the controller, didn't work. Finally I disabled cakephp sessions in the config, and now it works just fine.
I have no idea why it wasn't working but seems to be a glitch with cakephp.
将 ajax jsonp 请求指向同一域中的 php 文件,并在该 php 文件中,使用 cUrl,向第二个域发出请求。
简而言之,使用 php 文件作为两个域之间的隧道(cUrl 只是一个示例)
Point the ajax jsonp request at a php file in the same domain, and in that php file, trought cUrl, do the request to the second domain.
In short, use an php file as a tunnel between the two domains (cUrl is just an example)
抱歉,我没有看到您正在使用 jsonp。所以这不是解决方案...
使用 Javascript,您无法对与您的网站运行的域不同的域进行 AJAX 调用。
这称为同源策略,可在您的网站上存在 XSS 问题时提供更高的安全性。
有关详细信息,请参阅维基百科文章:http://en.wikipedia.org/wiki/Same_origin_policy
通过在服务器上提供路由 php 脚本,您可以将服务器上的 Javascript AJAX 调用路由到目标域/服务/其他内容。
Sorry, I did not read that you are using jsonp. So this is not the solution...
With Javascript you are not able to do AJAX calls to a domain different than the domain your website is running on.
This is called Same origin policy and provides more security in case there are XSS issues on your site.
See the Wikipedia article for more info: http://en.wikipedia.org/wiki/Same_origin_policy
By providing a routing php script on your server you are able to route those Javascript AJAX calls over your server to the target domain / service / whatever.