I have a site that uses ajax to store data so that the page does not need to be refreshed. I leave the page open all the time. When the session expires, I can manually refresh the page and the session will be restored. However, if the session expires and I try to send an ajax request to the server, the response will be a 403 forbidden error.
Why can I manually refresh the page and have the session restored, but if I do an ajax request the session is not restored?
I have tried having an ajax request call the very same page that I am on to see if that would cause the session to refresh, to no avail.
From what I have read, an ajax request is the same as a manual request. So doing ajax calls should be refreshing the session just the same as reloading the page. But apparently this is not the case.
It is interesting to note that if I let my session expire (or delete the cookie, or remove the session file from the server) and then try an ajax call in a for loop it will continually return a 403. Then if I open another window and load the same page, the session will refresh and the ajax responses in the original window will immediately change from 403 to 200.
What am I missing?
(For reference, I am using CakePHP framework, Nginx web server, on Ubuntu linux.)