We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

phalcon session cannot be destroy from another domain

Wang Chao Jun '15

Created Jun '15	Last Reply None	Replies 0	Views 457	Votes 0

Wang Chao 4.0k

Jun '15

i have two domain,

first one is named "passport.my-site.com", and it has a logout action in which destroy the session.

the second is named "goods.my-site.com", when i logout from "goods.my-site.com" (i use post ajax to logout, and nginx has add_header Access-Control-Allow-Origin *;), it does execute the logout action in "passport.my-site.com", and the result from $this->session->destroy() is true, BUT after i refresh the page, it still displays login status.

HELP!

Wang Chao
4.0k

Accepted
answer

Jun '15

solved.

i know the problem, when i ajax from "goods.my-site.com" to "passport.my-site.com", the request header DOES NOT carry the session key in cookie, so the server does not destroy the real session.