4

I'm baffled by this one... I'm doing a remote widgety type of setup, we'll control both domains so security is not a concern. I'm using jsonp to allow cross domain ajax requests.

The visited site is domain1.com, which includes:

<script src="http://domain2.com/file.js"></script>

file.js uses jQuery to make ajax requests:

$.ajax({
   url: 'http://domain2.com/getdata',
   dataType: 'jsonp',
   success: function(response) {
       div.html( response );
   }
});

It goes through several of these steps in somewhat of a wizard, reloading the div with html from the remote server.

The problem I'm running into is that on each ajax request, I get a new php session id and my session data goes away. The PHP end of things is fine, if I run the same script from the same domain (still using jsonp), everything works fine. Doing it from a remote domain, however, and the session does not stick around. I have no idea why this is, the php end is setting and requesting a cookie from its own domain. I do not need to access the cookie from JS. The cookie is being written and saved on the server. But each request when I check the stored cookies in the browser, the session id has changed.

Any ideas?

3 Answers

2

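OK, I created a very simple test case, and it works fine.

The actual application is using cakephp and its sessions. I tried using $_SESSION instead, but that didn't help. I tried adding session_start() to the controller, but that didn't work. Finally I disabled cakephp sessions in the config, and now it works fine.

I don't know why it wasn't working, but it seems to be a glitch in cakephp.

answered 2010-01-21T01:24:45.053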
0

Point the ajax jsonp request at a php file in the same domain, and in that php file, through cURL, do the request to the second domain.

In short, use a php file as a tunnel between the two domains (cURL is just an example)

answered 2010-01-21T00:27:55.077
0

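Sorry, I did not read that you are using jsonp. So this is not the solution...

With Javascript you cannot make AJAX calls to a domain other than the one your site is running on. This is called the Same Origin Policy, and it provides greater security when your site has XSS issues. For more information, see the Wikipedia article: http://en.wikipedia.org/wiki/Same_origin_policy By providing a routing php script on your server, you can route these Javascript AJAX calls through your server to the target domain/service/whatever.

answered 2010-01-21T17:54:40.057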
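
The server-side tunnel that the last two answers describe, as an added example that is not part of the original posts. It assumes the upstream endpoint from the question, PHP's default session cookie name PHPSESSID, and hypothetical parameter names step and choice; the upstream URL is hard-coded so the script cannot be pointed at arbitrary hosts.

```php
<?php
// proxy.php on domain1.com: added example, not code from the thread.
// Assumed: upstream endpoint from the question; PHP's default session cookie name.
const UPSTREAM = 'http://domain2.com/getdata'; // fixed target, never built from user input
const UPSTREAM_COOKIE = 'PHPSESSID';
const ALLOWED_PARAMS = ['step', 'choice'];      // hypothetical wizard parameters

function build_upstream_url(array $query): string
{
    // Forward only known parameters; everything else in the query is dropped.
    $params = array_intersect_key($query, array_flip(ALLOWED_PARAMS));
    return $params ? UPSTREAM . '?' . http_build_query($params) : UPSTREAM;
}

// Pull the upstream session id out of the raw response headers, if one was set.
function extract_upstream_session(string $rawHeaders): ?string
{
    $re = '/^Set-Cookie:\s*' . preg_quote(UPSTREAM_COOKIE, '/') . '=([A-Za-z0-9,-]+)/mi';
    return preg_match($re, $rawHeaders, $m) ? $m[1] : null;
}

session_start(); // first-party session on domain1.com

$ch = curl_init(build_upstream_url($_GET));
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADER         => true,  // headers are needed to read Set-Cookie
    CURLOPT_FOLLOWLOCATION => false, // upstream must not redirect the proxy elsewhere
    CURLOPT_TIMEOUT        => 5,
]);
if (isset($_SESSION['upstream_sid'])) {
    // Replay the upstream session id kept server-side; the browser never sees it.
    curl_setopt($ch, CURLOPT_COOKIE, UPSTREAM_COOKIE . '=' . $_SESSION['upstream_sid']);
}
$response = curl_exec($ch);
if ($response === false) {
    http_response_code(502);
    exit;
}
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);

$sid = extract_upstream_session(substr($response, 0, $headerSize));
if ($sid !== null) {
    $_SESSION['upstream_sid'] = $sid; // remember it for the next wizard step
}
header('Content-Type: text/html; charset=utf-8');
echo substr($response, $headerSize);
```

The browser then calls proxy.php on the page's own domain with an ordinary same-origin request, and the domain2.com session id is held only in the domain1.com server-side session.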