
Fetch Api - how to send PHP SESSION data to the target PHP file?

I can't figure out why the Javascript Fetch API stubbornly refuses to keep my PHP session. Here is a minimal test:

loader.php

<?php
session_start();
$_SESSION['test'] = 'OK';
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title></title>
</head>
<body>
    <p>Origin session id is <?php echo session_id() ?></p>
    <div id="target"></div>
    <script>
        fetch('data.php', {
            method: 'get',
            credentials: 'include'
        }).then(response => response.text()).then((data) => {
            document.getElementById('target').innerHTML = data;
        }).catch(function (error) {
            console.log(error);
        });
    </script>
</body>
</html>

data.php:

<?php
session_start();

echo '<p>Target session id is ' .  session_id() . '</p>';
if (empty($_SESSION)) {
    echo '<p>session is empty</p>';
} else {
    echo implode('<br>', $_SESSION);
}

result:

Origin session id is abe10f9c611066f6400b2ce3d0ee8f97
Target session id is a68e76bf1d5180d79d27a2bcfa3c462c
session is empty

I found several similar questions/answers, but none of them helped. The suggested solution is to provide the Credentials option with 'include' or 'same-site', but none of them work.

I know that I can pass the session ID but if possible would like to avoid it.

Thanks for your help

Is session.cookie_httponly enabled on the server? If it is then that will prevent javascript calls from using the cookie (and generally speaking PHP sessions tend to be backed by a cookie). In the context of this setting, http-only implies "http/https allowed; javascript/webassembly/... denied".

You can probably see the current value with phpinfo(); or read more about it on php.net.

I finally found the origin of the issue. This happened because I'm not in SSL (I'm on localhost) and sent this header from my .htaccess:

Header always edit Set-Cookie (.*) "$1; Secure"

I first checked my cookies with var_dump(session_get_cookie_params()); and it returned ["secure"]=> bool(false)

Useful to know:

In PHP, session_get_cookie_params() returns a wrong value if the cookie param is set in .htaccess

This is because the function is reading the php.ini value, not the value sent with .htaccess
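
The diagnosis in the answer above, as an added example that is not part of the original posts: it applies the .htaccess rewrite to a Set-Cookie value and checks whether the resulting cookie would come back on the next request. The function names and the sample header are constructed for illustration, and plain http on localhost is assumed to count as a non-secure channel, as it did for the poster.

```javascript
// Added illustration; function names and sample headers are constructed.

// What the .htaccess rule does to each Set-Cookie value:
//   Header always edit Set-Cookie (.*) "$1; Secure"
function applyHtaccessEdit(setCookie) {
  return setCookie.replace(/(.*)/, '$1; Secure');
}

// Split a Set-Cookie value into name, value and lower-cased attributes.
function parseSetCookie(setCookie) {
  const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attributes = {};
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes };
}

// Would the cookie come back on a later request to requestUrl?
// Assumption: plain http (localhost included) counts as a non-secure channel.
function cookieReturned(setCookie, requestUrl) {
  const cookie = parseSetCookie(setCookie);
  const secureChannel = new URL(requestUrl).protocol === 'https:';
  if (cookie.attributes.secure && !secureChannel) {
    return { sent: false, reason: 'Secure cookie on a non-HTTPS request' };
  }
  return { sent: true, reason: 'no Secure restriction applies' };
}

// Constructed sample: the header as PHP emits it with session.cookie_secure off,
// using the session id shown in the question.
const fromPhp = 'PHPSESSID=abe10f9c611066f6400b2ce3d0ee8f97; path=/';
const onTheWire = applyHtaccessEdit(fromPhp);

console.log(onTheWire);
console.log(cookieReturned(fromPhp, 'http://localhost/data.php'));
console.log(cookieReturned(onTheWire, 'http://localhost/data.php'));
console.log(cookieReturned(onTheWire, 'https://localhost/data.php'));
```

PHP only knows about the first header, which is why session_get_cookie_params() reports secure as false; the header the browser actually receives has to be read from the response itself, for example in the browser's network tab.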
