The CORS scheme is:
AJAX Call from: https://remotewebsite.com/
GET Request to http://localhost/?param=ThisIsImportant
I am using localhost because it still in development.
JavaScript
x
Request URL: http://localhost/?param=ThisIsImportantRequest Method: GETStatus Code: 200 OKRemote Address: [::1]:80Referrer Policy: strict-origin-when-cross-originResponse Headers
JavaScript
Access-Control-Allow-Origin: *Cache-Control: no-store, no-cache, must-revalidateConnection: Keep-AliveContent-Length: 226Content-Type: text/html; charset=UTF-8Date: Mon, 27 Sep 2021 20:18:08 GMTExpires: Thu, 19 Nov 1981 08:52:00 GMTKeep-Alive: timeout=5, max=100Pragma: no-cacheServer: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8Set-Cookie: PHPSESSID=00fg461kl112lctp7ooqr5mder; path=/X-Powered-By: PHP/8.0.8PHP Pseudo-code
JavaScript
session_start();$_SESSION['hash'] = $_GET['param'];If I enter in http://localhost and visit a script with:
JavaScript
session_start();print_r($_SESSION);Session is empty. If I check cookies in developer tools, PHPSESSID is different from the one on AJAX response.
I need set the PHPSESSID during AJAX response and kept, and be able to retrieve the SESSION[‘hash’] set on PHP during that AJAX request. Including in another scripts on localhost. Is that possible?
Advertisement
Answer
Found that the $.ajax request should contain
withCredentials: true
crossDomain: true
on server-side, the script need:
JavaScript
header('Access-Control-Allow-Credentials: true');session_set_cookie_params(["SameSite" => "none"]); //none, lax, strictsession_set_cookie_params(["Secure" => "true"]); //false, truesession_set_cookie_params(["HttpOnly" => "true"]); //false, truethat’s it.