javascript - How can I convert this PHP code in a way that will allow me to add it in .JS using Ajax?


I have a .js file hosted on domain1.com; for it to work correctly I need to add PHP code at the beginning. The reason is to bypass a restriction on Safari for my script, which requires me to create a session. The PHP code creates a session through a URL on domain2.com. There is no browser redirection or anything; the user stays on domain1.com. I want to have a single .js file on domain1.com, so maybe an Ajax solution is what I need. Here it is:

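<?php
session_start();
if (!isset($_SESSION['isiframesessionstarted']))
{
    $_SESSION['isiframesessionstarted'] = 1;
    // URL of the current page, sent along so domain2.com can redirect back to it
    $redirect = rawurlencode('http://' . "{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}");
    // absolute URL, so the browser actually goes to domain2.com
    header('Location: http://domain2.com/start-session.php?redirect=' . $redirect);
    exit;
}
?>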

The start-session.php file hosted on domain2.com does not need changes; it contains this:

<?php
session_start(); // create the session cookie
// $redirect is taken from the query string as-is
$redirect = rawurldecode($_GET['redirect']);

header('Location: ' . $redirect); // redirect back to the domain
exit;
?>

Let me combine what was requested in the comments:

I have a .js file hosted on domain1 ... I want to have a single JS file, and I can't put PHP ... the whole purpose of domain1 is to not have PHP code or a PHP file. ... The reason is because I want it cross-domain, with the session created by domain2.

It sounds like your issue might be related to the Safari iframe session cookie problem, because you have if (!isset($_SESSION['isiframesessionstarted'])) in one of your code blocks. I will continue on that assumption.

Summary of the problem for other readers:

Upon embedding an iframe from one domain into a website of a different domain, you will realise that Internet Explorer and Safari are blocking the cookies (and session variables) of the website inside the iframe (ref).


Attempted solutions that didn't pan out:


My solution:

Essentially, PHP session "hijacking". It works surprisingly well where the above solutions failed. This is the essential solution. Please add security enhancements* and URL-prettifying as you like. Basically, we retrieve the PHP session ID through redirects and pass it to the iframe. Instructions are in the comments.

In the domaina.com head, place this:

<script src="session.js"></script> 

session.js (on domaina.com):

// location of the domain B session starter
var sessionscripturl = "http://domainb.com/start-session.php";
var refqsparam = "phpsessionid";

// check if we have the phpsessionid in the query string
var phpsessionid = getparameterbyname(refqsparam);
if (phpsessionid === null) {
    // not in the query string, check if we have it in session storage
    var sessionstore = sessionStorage.getItem(refqsparam);
    if (sessionstore === null) {
        // we have no session storage of the PHP session id either, redirect
        top.location = sessionscripturl + "?redirect=" + encodeURIComponent(self.location.href);
    } else {
        // phpsessionid was found in session storage. retrieve it
        phpsessionid = sessionstore;
    }
} else {
    // save the phpsessionid to session storage for browser refresh
    sessionStorage.setItem(refqsparam, phpsessionid);
    // optional: redirect again to remove the query string data
}

// helper to get query string values
function getparameterbyname(name) {
    return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
}

session-starter.php (on domainb.com):

<?php
session_start(); // create the session cookie
// $redirect is taken from the query string as-is
$redirect = rawurldecode($_GET['redirect']);

// redirect with the PHP session id
// optional: encode this information
$href = $redirect . '?phpsessionid=' . session_id();
header('Location: ' . $href);
exit;

HTML (in body, on domaina.com):

Append the PHP session information to the iframe src.

<script> document.write('<iframe src="http://domainb.com/embedded-script.php?phpsessionid='+phpsessionid+'"></iframe>'); </script> 

embedded-script.php (on domainb.com, in iframe):

<?php
// use the phpsessionid passed in
$phpsessionid = rawurldecode($_GET['phpsessionid']);

// ref: http://php.net/manual/en/function.session-id.php
function session_valid_id($session_id) {
    return preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $session_id) > 0;
}
// check for a potentially valid session id
if (session_valid_id($phpsessionid)) {
    // set the session to the one obtained in session-start.php
    session_id($phpsessionid);
}
session_start(); // call this after session_id()!
// rest of your code

*Considerations:

  1. Don't use document.write; use jQuery or document selectors.

  2. Encode the PHP session ID.

  3. Perform a redirect to the base URL of domaina.com to remove the ?phpsessionid= in the URL for a cleaner look.

  4. If you decide to call session-starter.php with Ajax instead, you will get a new PHP session ID every time, for the same reason. The iframe will use the session ID, but if you open a new page on domainb.com, the session will yet again be different.
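
An added example, not part of the original answer: a client-side version of considerations 1 and 3 that also validates the query-string value before use, since document.write concatenates it straight into markup. The function names, the container argument and the use of history.replaceState are assumptions; the regex mirrors the php.net-style check in session_valid_id() and the iframe URL is the one from the answer.

```javascript
// Added example (not the answer's code); function names are assumptions.
const SESSION_PARAM = "phpsessionid";
const IFRAME_BASE = "http://domainb.com/embedded-script.php"; // URL from the answer
// Same character set that session_valid_id() accepts on the PHP side.
const SESSION_ID_RE = /^[-,a-zA-Z0-9]{1,128}$/;

// Return the session id from a full URL, or null if absent or malformed.
function extractSessionId(href) {
  const value = new URL(href).searchParams.get(SESSION_PARAM);
  return value !== null && SESSION_ID_RE.test(value) ? value : null;
}

// Return the same URL without the session id (consideration 3).
function stripSessionParam(href) {
  const url = new URL(href);
  url.searchParams.delete(SESSION_PARAM);
  return url.toString();
}

// Build the iframe src with URL APIs instead of string concatenation.
function buildIframeSrc(sessionId) {
  if (!SESSION_ID_RE.test(sessionId)) throw new Error("invalid session id");
  const url = new URL(IFRAME_BASE);
  url.searchParams.set(SESSION_PARAM, sessionId);
  return url.toString();
}

// Browser-only wiring (consideration 1): call from a page, not from Node.
function mountIframe(container) {
  let id = extractSessionId(location.href);
  if (id) {
    sessionStorage.setItem(SESSION_PARAM, id);
    // drop the id from the address bar without another page load
    history.replaceState(null, "", stripSessionParam(location.href));
  } else {
    id = sessionStorage.getItem(SESSION_PARAM);
  }
  // nothing usable: the caller redirects to the session starter as in session.js
  if (!id || !SESSION_ID_RE.test(id)) return null;
  const frame = document.createElement("iframe");
  frame.src = buildIframeSrc(id); // set as a property, never parsed as HTML
  container.appendChild(frame);
  return frame;
}
```

In a page, call mountIframe(document.body) once the body exists and fall back to the redirect in session.js when it returns null.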

