Can't read $_SESSION variables set by previous request, AJAX

Evil_Otto

I have a page that calls an Ajax request using an onLoad function. The request returns some code that is used to replace the innerHTML in a <div> on that page. At the same time the code also sets a $_SESSION variable, and that variable can be read within the scope of that request. Here's the function that is called by the onLoad attribute of the <body>tag:

function functionBlock($blockArray)
{

$output = "";
$title = $blockArray['title'];
$entryArray = $blockArray['entries'];
$rand = rand();
$throbberName = "throbber" . $rand;
$throbberBG = $throbberName . "bg";
$_SESSION['throbbers'][] = $throbberName;
session_write_close();
echo print_r($_SESSION['throbbers']);

$output .=<<<EOO

<div class="headercontainer">

<div class="throbberleft"></div>
<div class="headertext">$title</div>
<div class="throbberright" id="$throbberBG"><img src="images/indicator.gif" class="throbber" id="$throbberName"></div>
</div>

EOO;

$body ="";
foreach($entryArray as $entry)
{ 
	$function = 	$entry['function'];
	$callback = 	$entry['callback'];
	$label = 	$entry['label'];
	$output .="<div class=\"options\" onClick=\"send_command('$throbberName','$function','$callback','red')\" style=\"cursor:pointer\">$label</div>";
}

$output .= "</div>";


return $output;

}

The send_command javascript function:

function send_command(throbber, PHPfunc, callback, resetcolor)
{
document.getElementById(throbber).style.visibility='visible';
var bg = throbber + 'bg';
document.getElementById(bg).style.background='white';
agent.call("",PHPfunc,callback);

}

agent.call here refers to AjaxAgent, which is what I'm using to generate the request. The long and short of it here is that $_SESSION['throbbers'] gets an entry added to it, and that entry can then be read back from it (the echo statement sends the right value back to the browser).

The problem is when the link that's generated by this script is clicked (the onClick attribute), it can't see that $_SESSION['throbbers'] has been set at all. It returns a "undefined index" error.

Do I have to do something to ensure the $_SESSION update happens in the right scope here? As far as I can tell there's three separate requests:

1) the initial pageload from the browser;
2) the onLoad request; and
3) the request from clicking on the link generated from the previous request.

Changes to the $SESSION array don't seem to be carried forward from 2 to 3. The way I have my site designed, this sort of modification to the $SESSION is very important, and if I need to change something, now's the time (as in perhaps not using AjaxAgent? it doesn't seem very popular..)

Thanks for any insight.

atokatim

I had the same problem and wound up going with setcookie() and $_COOKIE['var'].

edit : Do you have session_start(); on the page Ajax calls for?

Evil_Otto

atokatim wrote:
I had the same problem and wound up going with setcookie() and $_COOKIE['var'].

edit : Do you have session_start(); on the page Ajax calls for?

I have session_start() at the top of the main page.. the Ajax calls are just to functions that are then used to update divs on the page.

atokatim

I am not really sure how to pass sessions to another page that is called by an Ajax script, so i would recommend trying to use setcookie() instead. that is what i use on www.gothics-r-us.com on the members logged in and on the member activity area.

MarkR

Sessions should work perfectly with AJAX (e.g. XMLHttpRequest) requests. The only issue is that you must use cookies.

However, cookies are absolutely required if you want your sessions secure anyway. I recommend that you set session.use_only_cookies=1

Firstly, ensure that your session cookies are being set correctly and persisting between normal test pages (create some for the purpose).

It's worth noting that you need to set the session up identically on all pages which use it - therefore you MUST really create a common include file which sets the session up. The various session ini file parameters need to be the same on all pages.

The session parameters need to be configured before session_start() is called (and of course, that needs to be called before any output is done).

It's possible that you're experiencing a race condition in your session handler - your ajax request is going to the server before it's saved the session data from the previous page.

To prevent this:

Use a completely flat (non-PHP) page for your ajax code.
Don't make any ajax requests before the page has fully loaded (e.g. the onload event)
Consider adding some locking to your server-side code to prevent this race condition. See the PHP documentation and/or the source code of your session handler for more details.

Mark