My login page: example.com/login (root/public_html/login)
My subdomain: api.example.com (root/api)
When I make a simple GET request using AngularJS $.http it fails to load the session variable. Directly loading the page works fine, but when using Angular it fails (Giving a CORS Error even though its on the same server and host just a different subdomain).
Is it possible making a js request to the absolute path (not relative path) causes a cors exception?
In my .htaccess file in public_html I have: php_value session.cookie_domain .example.com
The file im loading from $.http:
if(!isset($_SESSION)) session_start();
if(!empty($_SESSION['username'])) {
echo "Working";
} else {
echo "Not finding username";
exit;
}
Login Code:
session_set_cookie_params(0, '/', '.example.com');
session_start();
$_SESSION['username'] = $query[0]['username'];
$_SESSION['email'] = $_POST['email'];
$_SESSION['image'] = $query[0]['image'];
$_SESSION['role'] = $query[0]['role'];
$_SESSION['banned'] = $query[0]['banned'];
$_SESSION['id'] = $query[0]['id'];
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['useragent'] = $_SERVER['HTTP_USER_AGENT'];
setcookie(session_name(),session_id(),time()+604800,"/",".example.com");
header("Location: /"); exit;
EDIT: api.example.com's doc directory is /api and not the conventional /public_html/api would this make a difference?
Edit: Everything was solved once I moved the root/api docs folder to root/public_html/api and then used relative paths in the JS.