问题
i am working with RESTFUL APIs . my front-end(http://localhost:3000/) and back-end(http://workless/services) are in different origin. Because of that i have implemented the CORS mechanism to access the sevice from different origin. it like bellows..
if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
// optional configuration
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers:{$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
exit(0);
}
Everything is working on postman tools, trouble is while i'm going to call some apis which is needed saved session value it's return 401 status because of losing the session value.. The session value is not stored while accessing via chrome/mozilla but it's working on postman..
can anyone please say why it occurs??
来源:https://stackoverflow.com/questions/33629921/php-session-value-is-not-working-in-chrome-browser-but-working-in-postman