Question:
I am having issues passing session variables from parent page to iFrame page and AJAX called PHP files in Chrome & IE. It seems to work in FF and Safari though.
Environment:
I have WordPress as my “Portal”. One of my WordPress pages is a “Dashboard”. That Dashboard makes AJAX requests against a CRM web service to render JSON data. WordPress, the Dashboard file and the CRM are all on the same domain. “www.domain.com/wordpress” is the WordPress domain, “www.domain.com/dashboard/dashboard.php” is the Dashboard file which is included via iFrame on a WordPress page, and “www.domain.com/CRM/webservice.php” is the web service file I’m making AJAX calls against.
Approach:
User logs into WordPress using LDAP. I grab the username from WordPress and dump it into a $_SESSION['WPUsername'] variable as an extension to WordPress’ login function. Then, when my Dashboard loads in the iFrame, it makes a request to my CRM web service file via jQuery $.get(). The webservice.php receives the request, then uses the $_SESSION['WPUsername'] session variable to internally query the appropriate data and return the response.
Problem:
Firefox is working fine. IE & Chrome seem to think the $_SESSION['WPUsername'] doesn’t exist when requested by webservice.php.
What am I missing?
I made all of the recommended changes to my PHP configuration and website. I set the cookie path in php.ini to “/” and I used the full subdomain path (“www.domain.com/dashboard/dashboard.php”) in my iFrames. It seems to be working fine now.
On another note, I just implemented SSO using OpenAM as the IdP and SimpleSAMLphp as the SP. No need for session cookies to manage authentication anymore and all data passed between components is now done using web services.