Problems with PHP Sessions and Ajax Requests

That’s for the beast, haha.

I have a hosted website (for privacy I will not disclose the link) in the personal protective equipment segment. It has products to add to a cart.

Problematic situation 1: The site uses HTTP;
Problematic situation 2: I’m trying to make a request for a website that uses HTTP (customer) to a website that uses HTTPS (A website under my care, we’ll call it General Site);

Given these two problematic situations, the customer’s website needs to access the General Site because I use a file, Funcoes.php, which has the functions to add and remove cart items. However (of course there is a 'however'), I had to go through the whole process of adding the Source Permission Access Control headers to allow the functionality.

What I’ve done already:

  • I added the details to my file .htaccess as below:

    <IfModule mod_rewrite.c>
       RewriteEngine on
            Header set Access-Control-Allow-Headers "*"
            Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    </IfModule>
    
  • I also added the Access-Control-Allow-Origin in the Funcoes.php using PHP

    header("Access-Control-Allow-Origin: *");
    

In the end, the process goes something like this:

When I add the product to the cart, a JavaScript script takes the data and sends it to Funcoes.php via Ajax, as below:

    function addItemOrcamento(thumbnail, nome, id, url, event){
        event.preventDefault();
        var qtd = parseInt($("#orcamentoQtd").val(), 10);
        var data = {Acao: "addItemOrcamento", thumbnail: thumbnail, nome: nome, id: id, qtd: qtd};

        $.ajax({
            url: 'https://sitegeral.com.br/sistema/Funcoes.php',
            type: 'POST',
            data: data,
            success: function(r){
                console.log(r);
                window.location = url;
            }
        });
    }

So when I trigger the event "Added awe" it redirects to the page php budget. of the customer’s website as scheduled, but it does not add the item in the cart and in the console from Google Chrome it shows a very fast error before redirecting to the page php budget.. The error is index undefined. Check below for the error:

    <b>Notice</b>: Undefined index: items in <b>/home/arkalis/web/siteaqui.com/public_html/sistema/Funcoes.php</b> on line <b>1664</b><br/>

And to finish with the golden wrench, I’ll insert the PHP function that is responsible for taking the $_SESSION['items'] data and working with it.

IMPORTANT NOTE: I will place the PHP function followed by the login used on the client’s website.

Functions.php

    if (isset($_POST['Acao']) && $_POST['Acao'] == "addItemOrcamento") {
        if (isset($_POST['thumbnail']) && isset($_POST['nome']) && isset($_POST['id']) && isset($_POST['qtd'])) {

            $peculiaridade = isset($_POST['peculiaridade']) ? $_POST['peculiaridade'] : false;

            $i = 0;
            $itemExiste = false;
            $items = $_SESSION['items'];

            for ($i = 0; $i < sizeof($items); $i++) {
                $items[$i]["peculiaridade"] = isset($items[$i]["peculiaridade"]) ? $items[$i]["peculiaridade"] : false;
                if ($items[$i]["pro_id"] == $_POST['id'] && $items[$i]["peculiaridade"] == $peculiaridade) {
                    $itemExiste = true;
                    $items[$i]["qtd"] += $_POST['qtd'];
                    $_SESSION['items'] = $items;
                    break;
                }
            }

            if (!$itemExiste) {
                $item = Array("thumbnail" => $_POST['thumbnail'],
                    "pro_nome" => $_POST['nome'],
                    "pro_id" => $_POST['id'],
                    "qtd" => $_POST['qtd'],
                    "peculiaridade" => $peculiaridade
                );
                $_SESSION['items'][] = $item;
                sort($_SESSION['items']);
                echo "ok";
            } else {
                echo "item somado";
            }
        } else {
            die("Erro ao adicionar item para orçamento!");
        }
    }

This file is present on my website, ok?


$_SESSION['items']

    // Start the session only if one is not already active
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['items'])) {
        $_SESSION['items'] = array();
    }

customer’s website

IMPORTANT NOTE: If I put it all on HTTP (that is, my site, right) it works perfectly, that’s not the question, ok? And as for putting it all on HTTPS, that’s not my choice, I don’t decide that part, so I can’t do it. The situation is HTTP to HTTPS.

I finished. I’m really sorry that this question got big, sometimes people don’t like it or answer the question. But if you can help me, please comment on your answer. Thanks there to all who always help me in my questions making me have a better result in the Stackoverflow community.

In need of any other information, I will be here to add/edit.

  • How are cookies and session security set? It may be locked to HTTP

  • The commands used in .htaccess wouldn’t take care of that problem? I was with this http to https request blocking problem and I inserted them to disable these restrictions, I thought this would work for other types of calls.

  • No, what you put there is just CORS configuration

1 answer

1


It is not possible to make HTTP calls on a website running on HTTPS because the browser blocks it. This is part of the HTTPS security policy. However, there are some alternatives.

The first is to disable cross-origin restrictions (Cross Origin Restrictions) in the browser. In Chrome for example, you can boot it by passing the parameters --disable-web-security --user-data-dir=~/.chrome-disable-web-security. But this will depend on a user-side setting, so it will only work if you have access to and control of the users' environment.

The second is to use a simple reverse proxy, which in this case would receive your request in the application running on HTTPS and would call, via the server, the application running on HTTP.

You can use available proxy tools such as mitmproxy, or call directly from PHP. Ex:

Application 1 makes a call to a PHP file, and this file makes an HTTP call (http://php.net/manual/en/reserved.variables.request.php) for Application 2, which returns the result for the PHP file that returns for Application 1.

  • 1

    Really it is not possible? I did this regarding the emails and it worked, alias is giving, I thought that this was valid for other types of calls too.

  • 1

    Diego Marques, I’m going to mark your answer as correct because I like your guidance on reverse proxy. So then I will simulate a situation like the one I passed to test this tip of yours that I found interesting. Vlw. I decided in a way that I didn’t want to, which is to put the functions inside the folder of the client’s site, since his site is inside the site that I manage. kkkk but vlw
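
The comment above that the .htaccess lines are "just CORS configuration" can be made concrete with a small model, added here as an illustration and not code from the question or the answer: `Access-Control-Allow-Origin` decides only whether the page's script may read the response, while the PHP session depends on the session cookie being sent with the request. `PAGE_ORIGIN`, `makeServer`, `makeBrowser` and `scenario` are hypothetical names, and the model assumes the browser's cookie policy (SameSite, third-party cookie blocking) allows a credentialed request to carry the cookie.

```javascript
// Added example: a simplified model, not browser or PHP source code.
const PAGE_ORIGIN = 'http://customer.example'; // constructed stand-in for the HTTP site

// CORS check from the Fetch standard: may the page's script read the response?
function corsCheck(pageOrigin, withCredentials, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) return false;
  if (!withCredentials) return allowOrigin === '*' || allowOrigin === pageOrigin;
  // Credentialed request: "*" is rejected; the exact origin and
  // Access-Control-Allow-Credentials: true are both required.
  return allowOrigin === pageOrigin &&
    headers['access-control-allow-credentials'] === 'true';
}

// Stand-in for Funcoes.php behind session_start(): a request that carries no
// known session cookie is given a new, empty session.
function makeServer(responseHeaders) {
  const sessions = new Map();
  let nextId = 1;
  return function handle(cookie, item) {
    let sid = cookie;
    if (!sessions.has(sid)) {
      sid = 'sess' + nextId++;
      sessions.set(sid, []);
    }
    sessions.get(sid).push(item);
    return { headers: responseHeaders, setCookie: sid, cartSize: sessions.get(sid).length };
  };
}

// Stand-in for the browser: the cookie jar is used only when the request is
// credentialed (jQuery: xhrFields: { withCredentials: true }).
function makeBrowser(pageOrigin, server) {
  let jar = null;
  return function ajaxPost(item, withCredentials) {
    const res = server(withCredentials ? jar : null, item);
    if (withCredentials) jar = res.setCookie;
    return {
      readable: corsCheck(pageOrigin, withCredentials, res.headers),
      serverCartSize: res.cartSize,
    };
  };
}

// Two consecutive "add to cart" calls under one header set and credentials mode.
function scenario(responseHeaders, withCredentials) {
  const post = makeBrowser(PAGE_ORIGIN, makeServer(responseHeaders));
  return [post('item-1', withCredentials), post('item-2', withCredentials)];
}
```

With the question's settings (`*` and no credentials) both responses are readable, but each call lands in a fresh session, so the cart never grows past one item. Sending credentials while the server still answers `*` makes the response unreadable; only an explicit origin together with `Access-Control-Allow-Credentials: true` gives a readable response and a session that persists.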
