Using Laravel 8 and axios.
During POST method, there's no problem accessing the session.
But when I switch to the GET method in between, the session is blank.
POST = session is ok
GET = session is blank
POST again = session is still there
It just happened all of a sudden. I'm pretty sure I did not do any major changes.
Any idea? Thanks a lot!
Related
This question is for CakePHP 4.3:
In my action, I am accessing the session. For a normal GET request, everything works fine. If I call the same action through an AJAX request, I do not have access to the session. Why is that?
For example, even this does not work:
public function select3() {
debug($this->request->getSession()->read());
}
For a GET request, the session is printed. For an AJAX call, an empty array is printed.
Is the AppController NOT called for an AJAX request?
Any help is appreciated!
First, thanks to "ndm" for your offered help.
I solved it after seeing that something was mixed up with the URLS.
The URL has "server-4.2" in it, and "server" is a link to it.
Both "server-4.2" and "server" seemed to have confused the Authentication controller.
Glad it works now.
I'm trying to figure out why my AJAX script won't update my Flask app's server side session.
Implemented Flask-Session with sqlalchemy. I can see the table in the database and the encrypted session data.
init.py
...
from flask_session import Session
app = Flask(__name__)
app.config.from_object(Config)
db = SQLAlchemy(app)
Session(app)
...
config.py
...
SESSION_TYPE = 'sqlalchemy'
SESSION_SQLALCHEMY_TABLE = 'app_sessions'
Ajax call works as I am getting the correct response.
$.post("/ajax_fnc/_update_session", post_data)
.done(function(data) {
console.log(data)
})
Flask app returns updated cart_data:
...
#app.route('/ajax_fnc/_update_session', methods=['POST'])
def ajax_update_session():
session['cart_data']['qty'] = 1
return jsonify(session['cart_data']['qty'])
Browser console logs the updated and correct response from the Flask app. But refreshing the site loads the session with a cart data quantity of 0. So it didn't work.
How do I update the server side session with AJAX and get it to persist? What am I missing?
Note: Initializing the session with a cart quantity of 0 on the server side works just fine. Just when I attempt an update with Ajax it doesn't stick. I've spent more than half a day searching for answers but can't seem to find what I'm missing (or not understanding).
Shoot, after a lot more digging it turns out that my initialize function was being called every single time an http request was made. So... of course an ajax update would never persist.
Relocated the initialize function and the server side session works fine.
Using latest version of cakephp v2.3.3
I have a problem with my session variables when a browser doesn't allow cookies.
I pass variables from one controller to the other and this works perfect as long as the browser has cookies enabled. I have tried it with the Session helper in the controllers, but no effort, same problem.
How to fix this, is there a work around???
Cookies are required to keep track of the session ID, but you can manually get or set the session ID using $this->Session->id(). By adding the code below to the App Controllers' before filter you can set the session ID as a URL paramter like http://example.com/posts/view/1?session=qkv108c2pqeubcpeos1q7ekds3, for example.
if (!empty($this->request->query['session'])) {
$this->Session->id($this->request->query['session']);
}
The session ID is required for every request which means you have to include it in every link. I would suggest extending the HTML helpers' url and link methods to automatically add it.
Edit:
You should verify that $this->Session->read('Config.userAgent'); or $this->request->clientIp(); has not changed since the user was authenticated to prevent session hijacking. Thanks to thaJeztah for pointing this out.
My logout does not seem to work.
I clear cookies like that:
foreach (Cookie cookie in _session.Cookie.GetCookies(new Uri(Session.ServerSecureURL + "/Login", UriKind.Absolute)))
{
cookie.Discard = true;
cookie.Expired = true;
}
But next time I try to login, I get the previous user's session, even though, I verified, and in the web request I see a new cookie.
Anyone had similar problems with cookies?
I Found the problem. It was not Cookie related after all.
I used wireshark to see what is sent to the server, and found out that after i logout there is only one call to the server, the one that logs me back in, but no calls to retrieve the data are made. Apparently WP7 retrieves me the old data from previous session from cache. I fixed that by adding a random data to the end of my url, and now it works perfectly. I'm still wondering what is the right way to control caching on WP7.
This:-
new Uri(Session.ServerSecureURL + "/Login", UriKind.Absolute)))
Looks a little suspect to me. I would expect it to be:-
new Uri(Session.ServerSecureURL + "/", UriKind.Absolute)))
Ordinarily cookes set in a folder (like "Login") would still have the path "/", since its usually intended that the cookies be available to the whole application.
I need to keep Security.level set on medium for Ajax reason.
But I want that If the user close browser his session will destroy.
How can I do that?
Thanks in advance!
Config/core.php
Configure::write('Session', array(
'defaults' => 'php',
'cookieTimeout' => 0, //Lives until the browser is closed.
'checkAgent' => false //To fix a little the Chrome Frame problem
));
Unless you're persisting session data (ie: storing session data in a cookie with an expiration date in the future), then the session should be destroyed when the user closes the browser.
Unfortunately I'm not familiar with the CakePHP framework so I cannot comment on its API. However, if you want to explicitly end a session you can do so in PHP with session_destroy().
Hope that helps.
You could remove the session cookie with JS when the page is closed (remember: page close is also triggered when the user just navigates away - maybe just to the next page of yours).
i guess you could fire on ajax command on page unload to call session_destroy()
http://book.cakephp.org/view/1317/destroy for CakePHP - but yes, CakePHP does set a proper session cookie which is deleted by the browser when it closes.
What you really are probably concerned about is session hijacking - and so you really want some kind of a logout on site closure. You can't do this - the best alternative method that I know of is:
A short session timeout with an "Are you there?" AJAX refresh - the timeout can be controlled independently of the security level now using Configure::write('Session.timeout', $seconds);, where for medium security level the timeout seconds are multiplied by 100. Banks use this method.