Set session with ajax and php

[FrankBro]

So I'm trying to get a ajax call to set a session for a login system. I know javascript can't set sessions, that's why I'm calling a php page via a get. If I just load the php page called from javascript, it's working. But it's not if I call it via ajax. Any idea?

The js.

Code: [Select]

function getCharSession(id)
{
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
var test = xmlhttp.responseText;
if(test = "success")
window.location = "game.php";
}
}
xmlhttp.open("GET","char.php?q="+id,true);
xmlhttp.send();
}
the php

Code: [Select]

<?php
require_once(dirname(__FILE__) . '/../config.php');
require_once(dirname(__FILE__) . '/../classes/class.factory.php');

try
{
session_start();
$charid=$_GET["q"];
if($charid == '' || !is_numeric($charid))
throw new GeneralException('The supplied character is not valid.');
else
{
$db = new DB();

$factory = new Factory($db);
$user = $factory -> createNewUser();
$user ->  isCharUnderUser($_SESSION['uid'], $charid);

$_SESSION['cid'] = $charid;
$_SESSION['hash'] = md5(mysecretkey . $_SESSION['uid'] . $_SESSION['cid'] . $_SERVER['REMOTE_ADDR']);
echo 'success';
}
}
catch(GeneralException $charException)
{
$charException -> displayMessage();
}

?>
I've been working on that for a while, really can't figure it out. The call to the function is on a onclick.
The condition from the javascript is met,

Code: [Select]

var test = xmlhttp.responseText;
     if(test == "success")
          window.location = "game.php";I am being redirected .. the problem is the the session isn't set.

[FrankBro]

really? nobody?

[aerosuidae]

var test = xmlhttp.responseText;
   if(test = "success")
      window.location = "game.php";

Should that be a "==" ?

I'm not sure how Javascript is supposed to behave with variable assignment in conditional statements, but if it is like PHP I think the above would always be true?  Perhaps someone more knowledgable on JS knows...

[FrankBro]

O wow. This ain't the first time I do that ....
Well it was always true since it was an assigment. So that means the ajax response isnt even working. Meh. Any idea?

[dsheroh]

Didn't answer before because I don't really do much PHP, but a quick google for "set cookie in ajax get" turned up http://www.sitepoint.com/forums/showthread.php?t=627717 in which someone was having a similar problem.  His issue ended up being that he needed to explicitly include an expiration time and path in his call to setcookie().  Looking over your posted PHP code, though, I don't see a call to setcookie() at all, which would explain why no cookie is being set.  (Unless one of the functions you're calling is doing a setcookie() internally...  Like I said, I don't do much PHP, so I don't know how they behave.)

[FrankBro]

I'm not setting cookies at all, I'm setting a session. Sessions are set by the server(php), cookie by the browser(javascript). Not sure I trust cookie like i trust sessions.

[FrankBro]

fixed, nvm im a noob =D
firebug FTW

[dsheroh]

I'm not setting cookies at all, I'm setting a session. Sessions are set by the server(php), cookie by the browser(javascript). Not sure I trust cookie like i trust sessions.

You're almost certainly setting a cookie.  How do you think the session is associated with the user?

There are three ways to track a session: URI parameter, hidden form input, or cookies.  Of those three options, the first is fundamentally incompatible with AJAX (you can't change the URI in the location bar to add the session id without doing a full page load) and the second is of limited use in general (it only preserves the session across form submits and will lose it if you click a regular link), which pretty much leaves cookies as the only viable way to establish a session via an AJAX request.

Sessions are stored on the server and the browser never sees them.  Cookies are set by the server and stored by the browser, which returns them with each request.

[raestlyn]

Actually there is 4th way to store session-like data, but it is just for Javascript. Window.name property can hold up up to 2 megabits of information (In Safari, In IE its 64 and FF around 12).

[dsheroh]

Actually there is 4th way to store session-like data, but it is just for Javascript. Window.name property can hold up up to 2 megabits of information (In Safari, In IE its 64 and FF around 12).

Interesting...  I'd never heard of that before.  Thanks!

[raestlyn]

Actually there is 4th way to store session-like data, but it is just for Javascript. Window.name property can hold up up to 2 megabits of information (In Safari, In IE its 64 and FF around 12).

Interesting...  I'd never heard of that before.  Thanks!

You can read it a bit in this blog post. The lib it advertises isn't sophisticated, but it'll work.