I'm having an issue when I make an AJAX POST from sub.mydomain.com to domain.com. I've set the cookie to be .mydomain.com and I know the session is being set properly because if I go to sub.mydomain.com in the browser the session id matches the mydomain.com session id. However, when I do an AJAX POST from sub.mydomain.com to mydomain.com the session id changes.

To get around it I'm passing the session id in the post.

But I want to know why it's not working like it's supposed to.

Any ideas would be helpful.

user1086377

1 Answer

Cookies aren't sent in cross-origin requests (which I assume you're using for sessions). In order to enable this you have to set withCredentials on both the request and response.

Request: xhr.withCredentials = true;
Response header: Access-Control-Allow-Credentials: true

Musa
  • Thanks, still didn't work. I'm looking at the Headers Request and Response in Chrome Developer Tools. Request ... Access-Control-Request-Headers: accept, origin, withcredentials, x-requested-with, content-type. Response ... Access-Control-Allow-Credentials: true. But session id is still wrong. – user1086377 Apr 11 '13 at 17:39
  • This is the error I'm getting now in the console: Request header field withCredentials is not allowed by Access-Control-Allow-Headers – user1086377 Apr 11 '13 at 17:41
  • I had to add withCredentials to the response headers Allow-Headers to get rid of the console error. But the session id is still different. – user1086377 Apr 11 '13 at 17:57
  • @user1086377 are your cookies being sent in the request? – Musa Apr 11 '13 at 18:27
  • Yes? Am I supposed to set the cookies in the request? I thought starting the session does that for me? When using this code and not going from sub.mydomain.com to mydomain.com it worked fine. – user1086377 Apr 11 '13 at 18:40
  • Looking at the console again I see that Request Cookies is blank. Response Cookies are set. Odd. – user1086377 Apr 11 '13 at 19:17
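
The credentialed cross-origin exchange discussed in the answer and comments above, as an added example that is not part of the original posts: a server-side header builder with an origin allowlist, a model of the browser's check on a credentialed response, and a client that sets withCredentials as a property of the XHR object rather than as a request header. The http scheme, the allowlist contents and every function name are assumptions made for illustration.

```javascript
// Added example. Origins reuse the question's placeholder names; the scheme is assumed.
const ALLOWED_ORIGINS = new Set(["http://sub.mydomain.com"]);
const ALLOWED_REQUEST_HEADERS = ["accept", "content-type", "x-requested-with"];

// Server side: CORS response headers for a request that carries an Origin header.
function corsHeaders(method, origin, requestedHeaders) {
  if (!ALLOWED_ORIGINS.has(origin)) return {}; // unknown origin: grant nothing
  const headers = {
    // A credentialed response may not use "*": echo the vetted origin instead.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // stop caches reusing one origin's grant for another
  };
  if (method === "OPTIONS") { // preflight request
    const asked = (requestedHeaders || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    headers["Access-Control-Allow-Methods"] = "POST";
    headers["Access-Control-Allow-Headers"] =
      asked.filter((h) => ALLOWED_REQUEST_HEADERS.includes(h)).join(", ");
  }
  return headers;
}

// Browser side, modelled: a response to a credentialed request is exposed to
// the page only if the origin matches exactly and credentials are allowed.
function browserAcceptsCredentialedResponse(origin, headers) {
  return headers["Access-Control-Allow-Origin"] === origin &&
         headers["Access-Control-Allow-Credentials"] === "true";
}

// Client side: withCredentials is a flag on the XHR object. Sending it as a
// header only adds it to Access-Control-Request-Headers in the preflight.
function sendCredentialedPost(xhr, url, body) {
  xhr.open("POST", url);
  xhr.withCredentials = true; // ask the browser to attach cookies
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xhr.send(body);
}
```

With jQuery the same flag is passed through the `xhrFields: { withCredentials: true }` option of `$.ajax` rather than through `headers`.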