Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

phalcon session cannot be destroy from another domain

i have two domain,

first one is named "passport.my-site.com", and it has a logout action in which destroy the session.

the second is named "goods.my-site.com", when i logout from "goods.my-site.com" (i use post ajax to logout, and nginx has add_header Access-Control-Allow-Origin *;), it does execute the logout action in "passport.my-site.com", and the result from $this->session->destroy() is true, BUT after i refresh the page, it still displays login status.

HELP!



1.8k
Accepted
answer

solved.

i know the problem, when i ajax from "goods.my-site.com" to "passport.my-site.com", the request header DOES NOT carry the session key in cookie, so the server does not destroy the real session.