I believe you aren't handling the session correctly, remember, AJAX
calls don't automatically attach the session ID to your URL variables,
so you have to do it manually (if it's not in the cookie), either by
directly attaching to the target url:
$.getJSON("target.php?sid="+<session id>,...,...);
or within you arguments (my preferred method):
$.getJSON("target.php",{sid:<session id>,...},...);
Then on the server side:
// Check if our session is still active
if (session_id() == "") {
// Not active, check if sid was sent
if (!$_REQUEST['sid']) {
// Not sent, bounce them out (or attempt to log them in)
} else {
session_id($_REQUEST['sid']);
session_start();
}
}
Note, that this is the bare bones way of doing it and I can't vouch
for the security. You're probably best off creating a class for
handling sessions.
- jake
On 3/30/07, Erik
Beeson <[EMAIL PROTECTED]> wrote:
> I don't know much about your specific problem, but I thought I'd share
> how I do AJAXified login. First I have a form with action set to the
> login page so it will work without javascript. Then I hijack the form
> with ajaxForm() from the form plugin. I have the ajax return JSON and
> have a callback function like:
>
> function(data) {
> if(data.loggedIn) {
> // Do logged in stuff
> } else {
> $('#login_error').html(data.errorMessage);
> }
> }
>
> Also, I use asynchronis ajax and disable the fields and display an
> indicator in the form plugin's beforeSubmit() function. The blockUI
> plugin is good for doing this kind of thing.
>
> Hope it helps.
>
> --Erik
>
> On 3/30/07, Kim Johnson <[EMAIL PROTECTED]> wrote:
> > Hi folks,
> >
> > I apologize if this is a little less Jquery and a
> > little more "general AJAX/PHP" in nature, but I am
> > completely stuck and was hoping there's tribal
> > knowledge I failed to learn.
> >
> > I have a login panel on each page of my site. The
> > actual authentication takes place in a file called
> > login.php, called via ajaxsubmit (async set to false).
> > login.php calls a few functions that are in an
> > included file called startsession.php (meaning,
> > startsession.php is included in every normal page;
> > it's not called/included using ajax or anything).
> > These startsession functions handle setting $_SESSION
> > vars once the user is authenticated (or removes them
> > if the user is logged out or information is corrupt,
> > etc).
> >
> > Both the regular page and login.php call
> > session_start().
> >
> > I'm seeing some very weird behavior.
> >
> > startsession appears to be setting the $_SESSION vars
> > correctly. The problem is, they don't seem to be
> > sticking. First of all, startsession.php appears to
> > refresh itself AFTER the ajax call is complete, even
> > though the only places this file would be in are in
> > login.php (already called in ajaxsubmit) and the
> > regular file. When startsession.php refreshes itself,
> > it doesn't see the $_SESSION vars and subsequently
> > logs me out.
> >
> > Furthermore, I was under the impression that I could
> > do something like this, after the ajax call:
> >
> > var loggedin = <?=$_SESSION['loggedin']?>;
> >
> > if (loggedin == true)
> > {
> > $("div#login").hide();
> > $("div#logout").unhide();
> > }
> > else
> > {
> > $("div#login").unhide();
> > $("div#logout").hide();
> > }
> >
> > I had been hoping to avoid reading the responseText...
> > though after looking at it now, I'm realizing that
> > there's no way this would work; even though session
> > vars are set on, well, the session, it seems that
> > you'd have to reload the page for PHP to pick it up,
> > period.
> >
> > Any help would be greatly appreciated. I know this is
> > probably something easy. :/
> >
> > thanks,
> > -kim
> >
> >
> >
> > ____________________________________________________________________________________
> > No need to miss a message. Get email on-the-go
> > with Yahoo! Mail for Mobile. Get started.
> > http://mobile.yahoo.com/mail
> >
> > _______________________________________________
> > jQuery mailing list
> > discuss@jquery.com
> > http://jquery.com/discuss/
> >
>
> _______________________________________________
> jQuery mailing list
> discuss@jquery.com
> http://jquery.com/discuss/
>
_______________________________________________
jQuery mailing list
discuss@jquery.com
http://jquery.com/discuss/
