$ _SESSION PHP在不同URL中的同一服务器上无法识别

I have a check_session.php file that checks if the user session was started after login, which happens is as follows:

There are two URL's:

https://www.website.com/control/user/

And inside it has a link that leads to another URL:

https://www.website.com/b2b/user/

At the beginning of each page you even have the code:

<?php
if( !session_id() ) {
    session_start();
}
header('Access-Control-Allow-Origin: https://www.website.com');
?>

The file check_session.php is the same for both environments, however when opening the link in a target="_blank", the other URL passes through the file verify.php and $_SESSION['user'] is not recognized and forwards the user out of the environment, but the source tab does not lose the session:

<?php
if( !isset($_SESSION['user']) ) {
    session_regenerate_id(true);
    unset($_SESSION['user']);
    session_destroy();
    session_start();
    echo "<script>window.alert('Unauthorized access [SECTION OFF]!');</script>";
    echo "<script>parent.location.href='home/';</script>";
    exit();
}
?>

Taking into account that the destination URL call is done both via tag and in Jquery .ajax();

great regardz, thank you!

This could happen in 2 cases: First is different domain names. You said, that they are same.

Then most likely you didn't init session in verify.php

Header Access-Control-Allow-Origin using, when you need to load data from another site. You don't need that header on same domain. And you don't need to check session_id before start session.

So first piece of code may look like this:

<?php session_start(); ?>

In the second piece of code, if $_SESSION['user'] were not set, then there is no sense to unset($_SESSION['user']);.

If you destroy session, no need to session_regenerate_id(true);.

If you recreate session only because of $_SESSION['user'] and this code is all in this file,

then second piece of code may look like this:

<?php
session_start();
if(!isset($_SESSION['user']) ) {
    echo "<script>window.alert('Unauthorized access [SECTION OFF]!');</script>";
    echo "<script>parent.location.href='home/';</script>";
}

If you recreate session for another reason, then second piece may look like this:

<?php
session_start();
if( !isset($_SESSION['user']) ) {
    session_destroy();
    session_start();
    echo "<script>window.alert('Unauthorized access [SECTION OFF]!');</script>";
    echo "<script>parent.location.href='home/';</script>";
}