2

I have an API implemented in PHP for login authentication:

http://somerestsertver.net/sampleapi/auth-login this sets the login session id (e.g. after verifying user credentials)

http://somerestsertver.net/sampleapi/auth-check this checks whether the login is valid, i.e. whether the session id is set or not

http://somerestsertver.net/sampleapi/auth-logout and this destroys the session and needed logout ...

I set the login with $_SESSION["id"]=1 in the auth-login code, then auth-check would be OK; otherwise the auth-check would contain errors.

It is OK when I call these URLs in a browser or a ReST client, but using them in my AngularJS code returns errors for http://somerestsertver.net/sampleapi/auth-check!

It seems the session that was set is not available via PHPSESSID in the client and it is not working properly. Is it related to sandbox or CORS or HTML header requests?

1
  • Is it related to Access-Control-Allow-Origin? (Commented Nov 2, 2015 at 11:51)

1 Answer

1

Hi, I finally solved the problem this way:

Client side, in AngularJS, I put this in my route-config so that it applies to all requests to the ReST API:

$httpProvider.defaults.withCredentials = true;

I think I mainly should have used this in .htaccess for the web server:

Header add Access-Control-Allow-Credentials "true"

But for your attention, I finally updated the whole .htaccess file to the following:

Header add Access-Control-Allow-Origin "http://localhost:3000"
Header add Access-Control-Allow-Credentials "true"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "GET, POST"
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
<FilesMatch "\.php$">
Order Allow,Deny
Deny from all
</FilesMatch>
<FilesMatch "index[0-9]?\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>

Also, I use the following for the JSON response in PHP:

$response = "desired JSON response OBJECT";
// Reason phrase and numeric code are kept in separate variables
$status_message = 'OK or unauthenticated or ...';
$status = '200 or 403 or ...';
header("Content-Type:application/json");
header("HTTP/1.1 $status $status_message");
echo json_encode($response);
exit();

Hope this question and answer helps you
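
The following is an added example, not part of the original answer. It models why the combination above works: without `withCredentials` the browser does not send the PHPSESSID cookie cross-origin, and with it the browser only exposes the response when the origin is echoed exactly and `Access-Control-Allow-Credentials` is `"true"`. The function names and the `other.example` origin are hypothetical; the header names are the standard CORS headers.

```javascript
// Server side: build CORS headers from an explicit origin allowlist
// instead of reflecting whatever Origin the request carries.
function corsHeadersFor(requestOrigin, allowlist) {
  if (!allowlist.includes(requestOrigin)) return {}; // unknown origin: no CORS headers
  return {
    "access-control-allow-origin": requestOrigin,
    "access-control-allow-credentials": "true",
    "vary": "Origin", // response differs per origin, so caches must key on it
  };
}

// Browser side: outcome of the CORS check for a cross-origin XHR response.
function browserExposesResponse(pageOrigin, withCredentials, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;
  if (!withCredentials) {
    // No cookies are sent; "*" or an exact origin match is enough.
    return allowOrigin === "*" || allowOrigin === pageOrigin;
  }
  // Credentialed request: "*" is rejected, the origin must match exactly,
  // and Access-Control-Allow-Credentials must be the literal string "true".
  return allowOrigin === pageOrigin &&
         headers["access-control-allow-credentials"] === "true";
}

// Constructed sample cases for the AngularJS app served from localhost:3000.
function checkCases() {
  const page = "http://localhost:3000";
  const allowlist = [page];
  return {
    allowlisted: browserExposesResponse(page, true, corsHeadersFor(page, allowlist)),
    wildcard: browserExposesResponse(page, true, {
      "access-control-allow-origin": "*",
      "access-control-allow-credentials": "true",
    }),
    missingCredentialsHeader: browserExposesResponse(page, true, {
      "access-control-allow-origin": page,
    }),
    foreignOrigin: browserExposesResponse("http://other.example", true,
      corsHeadersFor("http://other.example", allowlist)),
  };
}

console.log(checkCases());
```

Only the allowlisted case passes; the wildcard, missing-header and foreign-origin cases are all blocked by the browser.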
