[development] session questions

Moshe Weitzman weitzman at tejasa.com
Fri Oct 17 18:47:03 UTC 2008

> 3) From IE7, the session_name remains the same across all requests, but the
> session_id() of the initial page request is different from the ajax callbacks.
> In other words the session cookie's value changes.  So $_SESSION is not
> shared.  Is this what I should be seeing?

No. Browser's have a responsibility to always send back cookies to the
domain+path that sent them. So if your ajax callback is sent back to
the same domain and path as the session cookie, it has to be sent
back. check the domain and path of the cookie and ajax callback
carefully. You can control what path/domain the cookie gets set on
using settings.php (see the comments there). Note that changing that
can affect existing user's and their cookies.
> 4) Also from IE7, the session_id is new for ajax callbacks, yet drupal somehow
> knows which user is logged in.  That is $_SESSION is not shared with the
> original page request, but the global $user is set correctly.  How is this
> happening?  Doesn't Drupal rely on the session_id to determine the user?
> Since session_id has changed shouldn't drupal think the ajax request is
> anonymous?
> Is what I'm seeing the way things are supposed to be, or have I somehow
> screwed up my install?

Screwed up install, or browser, or other.

More information about the development mailing list