设置$ _SESSION在Ajax请求_SESSION、Ajax
我有这个jQuery的Ajax功能在网页中登录。
I have this Jquery Ajax function to login in a web page.
url="<?php echo Yii::app()->createUrl("security/login") ?>"
$.ajax({
type:"POST",
url:url,
data:{},
success: function (jsonResponse) {
var json=JSON.parse(jsonResponse);
if(json.result == "SUCCESS")
{
<?php $_SESSION['LOGGED_USER']="USER"; ?>
}
},
error: function (jqXHR, textStatus, errorThrown) {
console.log(errorThrown);
}
});
和我的看法布局我有这样的
And in my views layout I have this
session_start();
if( isset($_SESSION['LOGGED_USER']) )
{
print_r("LOGGED");
}
else
{
print_r("NOT LOGGED");
}
当我首次到页面中输入它打印没有登录,但似乎它会自动设置会这样,当我重新加载页面它打印注销。
When I enter for the first time to the page It prints "NOT LOGGED" but it seems that it sets automatically the session so that when I reload the page It prints "LOGGED".
我如何正确地在我的Ajax请求把我的会议?
How can I set my session correctly in my ajax request?
非常感谢你:)
推荐答案
这似乎是一个很多人都感到困惑的客户端VS服务器时,它涉及到的Ajax。让我看看我能不能清除了:
It seems a lot of people are confused about client vs server when it comes to Ajax. Let me see if i can clear that up:
您的JS在浏览器(客户端)运行。 PHP运行在服务器上。二是在完全不同的机器上运行不同的语言;它们不共享相同的变量或任何东西。他们不直接相互交谈,或真的连知道对方什么。他们唯一的通讯方式是通过HTTP请求。 (嗯,有WebSockets的太...但是这是一个有点提前了。)
Your JS runs in the browser (client). PHP runs on the server. The two are different languages that run on entirely different machines; they don't share the same variables or anything. They do not talk directly to each other, or really even know anything about each other. Their sole means of communication is via HTTP requests. (Well, there's WebSockets too...but that's a bit advanced yet.)
JS和PHP通常甚至不同时运行。根据您的设置并在该脚本的生活,一两件事情正在发生,在这种情况下,没有一个是你想要的。
JS and PHP typically do not even run at the same time. Depending on your setup and where this script lives, one of two things is happening, and in this case, neither one is what you want.
JS的是在某些类型的服务器不进到PHP的文件。 PHP的code仍然在文件中,当浏览器看到它 - 是无效的JS,当您尝试运行它会导致一个语法错误。也许之前,你甚至可以做阿贾克斯后。
The JS is in a file of some type the server doesn't feed to PHP. The PHP code is still in the file when the browser sees it -- and being invalid JS, causes a syntax error when you try to run it. Probably before you even get to do the Ajax post.
JS的是在某些类型的服务器的确实的饲料的PHP文件。 PHP的跨preTER尽职尽责地穿过文件,查找所有PHP code在里面,分析和运行它。 PHP的code在它运行在服务器上,可能是之前的页面甚至发送到浏览器。 (而且,由于PHP不说话JS,甚至不关心,如果它产生是有效的HTML或JS ......任何非PHP code在页面是无关紧要的。)总之,由当时的浏览器运行上面的脚本中,它看起来是这样的:
The JS is in a file of some type the server does feed to PHP. The PHP interpreter dutifully goes through the file, finds all the PHP code in it, and parses and runs it. The PHP code in it runs on the server, possibly before the page is even sent to the browser. (And since PHP doesn't speak JS, and doesn't even care if what it generates is valid HTML or JS...any non-PHP code in the page is irrelevant.) Anyway, by the time the browser runs your script above, it looks like this:
...
success: function (jsonResponse) {
var json=JSON.parse(jsonResponse);
if(json.result == "SUCCESS")
{
}
},
...
由于PHP已经通过文件,跨$ P $不见了PTED位有关设置 $ _ SESSION ['LOGGED_USER'] 。如果用户有活动会话可言,登录与否,这LOGGED_USER变量设置第二他的浏览器请求网页
because PHP has already gone through the file and interpreted the bit about setting $_SESSION['LOGGED_USER']. If the user has an active session at all, logged in or not, that LOGGED_USER variable is set the second his browser requests that page.
在PHP脚本的处理方式为安全/登录请求需要设置会话变量。您的JS就无法做到这一点,作为会话数据完全是服务器端,你不能让浏览器刚刚起来,告诉服务器,而无需打开了一个巨大的安全漏洞执行任意PHP code 。 (图片会发生什么,如果浏览器可以说PHP,运行此。所有我必须做的是弹出一个JS控制台,看看你做它...最起码,我可以写一行JS的控制台来设置该变量无论我是登录还是不行。)
The PHP script that's handling requests for security/login needs to set the session variable. Your JS won't be able to do it, as the session data is entirely server-side, and you can't let the browser just up and tell the server to run arbitrary PHP code without opening up a massive security hole. (Picture what could happen if the browser could say "hey, PHP, run this". All i'd have to do is pop up a JS console, see how you're doing it...and at the very least, i could write a line of JS in the console to set that variable whether i'm logged in or not.)
或者,如果你真的想,你可以创建另一个页面,JS的职位,即设置会话数据。这似乎是一种浪费,但...它可能是相当困难的事牢固。 (如果PHP尚不知道你登录,你就必须重新进行身份验证和所有)。我不会考虑它,除非出于某种原因,安全/登录不能被修改。
Or, if you really wanted, you could create another page that the JS posts to, that sets the session data. That seems a waste, though...and it might be quite difficult to do securely. (If PHP doesn't already know you're logged in, you'd have to re-authenticate and all that.) I wouldn't consider it unless for some reason security/login can't be modified.
