I have searched this quite extensively on forums but I didn’t find anything relevant, so I guess I’m doing something out of specs here.
I have a .NET app that calls a Yii app, residing on a different server, through AJAX.
The Yii app auto-starts a session and stores the ID in a cookie, if called directly - but if called through AJAX, it doesn’t even set the cookie and renews the session ID every time. I can see the DB log (since it’s a DB session) searching for a different session ID every time.
This is the relevant clip of my Yii config:
[...]
'session' => array(
'timeout' => APP_ENV=='prod' ? 1440 : 3600,
'sessionName' => 'sharedSession',
'class' => 'CDbHttpSession',
'autoCreateSessionTable'=> false,
'connectionID' => 'db',
'sessionTableName' => 'shared_session',
'useTransparentSessionID' => !empty($_POST['PHPSESSID']),
'autoStart' => 'true',
'cookieMode' => 'only',
'cookieParams' => array(
'domain' => '.mydomain.com',
'httpOnly' => false,
),
),
'user'=>array(
'allowAutoLogin'=>true,
'stateKeyPrefix' => 'usr-',
'autoRenewCookie' => true,
),
[...]
One thing I tried, was accessing the Yii app from the webserver that hosts the .NET app. This time, the AJAX call used the same session ID as the direct call.
So I guess that the different IP from the requester triggered the different session ID. But why does the AJAX calls always change IDs even if they come from the same server (it’s load balanced but I’m accessing the server directly)? And why doesn’t it set the cookie anyway?
If somebody could help that would be very appreciated.