I’ve been working on a so-far-just-personal website project for a while. It uses a significant amount of AJAX, with PHP doing the server-side stuff. All the AJAX requests made to the server involve GET not POST keywords. When it is ready I hope to make the site public.
Anyway, some of the site pages need to be associated with a user log-in (other pages don’t). I devised a two-stage login process that worked reasonably well, except that the more I thought about lots and lots of users logging in that way --and using it to keep themselves logged in-- a certain aspect of it might end up taking too much PHP processing time.
So I decided to try to do something with “session” stuff. The documentation claims that it works equally well with GET as with POST, and I didn’t want to use the cookie system for holding session info. The manual URL stuff is fine for my purposes, because I’m only doing the session stuff via AJAX requests; nobody will ever see the URL in the browser address bar.
Here is a client-side JavaScript code snippet for calling the first php login file on the server (“AJAXobject” is a local variable holding the XMLHttpRequest object):
AJAXobject.open("GET", "./login1.php?XmitData="+tmp, true);
I should mention that code similar to that has successfully worked to GET a great many different types of data, from the server, via other .php files. In this case, for the session stuff, I followed the rules and made the PHP function “session_start” the first thing in login1.php. Next came a saving of the session ID into a _SESSION variable, as well as a local variable named id_session , and a call to the “session_write_close” function, to free up that resource for the next concurrent user. Then the PHP processor does a whole bunch of other things in the login1 file, and at the end of the file is this echo (simplified here):
[php] echo(“Reply#”.$id_session);[/php]
The actual echo is more complex, but my client-side JavaScript code is fully capable of parsing out the various data-items that are echoed. I can successfully save the session ID into a JavaScript variable, named “ssid” (and verify it is “in there” with the browser’s JavaScript debugger).
The problem I’m having shows up when the server processes login2.php. Here is the browser’s JavaScript call:
AJAXobject.open("GET", "./login2.php?" + ssid + "&XmitData="+tmp, true);
Per the URL rules, the session ID is supposed to follow the question-mark that follows the file-name, and any other data needs to follow a separating ampersand. OK, you can see that I did that.
However, it doesn’t seem to matter that my login2 file worked reasonably well before trying to add some session stuff to it. The only thing being echoed back to the browser NOW is the entire text of the login2.php file! If I edit the file, the edited file gets echoed back to the browser. Nothing else gets echoed, so I am thinking that the PHP processor is failing to actually process the code in login2.php.
This is not acceptable behavior, of course. But I have no idea why it is happening, and what I might do to fix it. What do you folks suggest? Thanks in advance!