Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

phalcon session cannot be destroy from another domain

i have two domain,

first one is named "", and it has a logout action in which destroy the session.

the second is named "", when i logout from "" (i use post ajax to logout, and nginx has add_header Access-Control-Allow-Origin *;), it does execute the logout action in "", and the result from $this->session->destroy() is true, BUT after i refresh the page, it still displays login status.




i know the problem, when i ajax from "" to "", the request header DOES NOT carry the session key in cookie, so the server does not destroy the real session.