Hi all, a few quick questions. (Theory related)

1. Can you put javascript in a PHP file?

2. If the answer to that is no ... how can a website have user sign ins / security and also be using ajax to dynamically update a pure xhtml web page?

3. If the answer is yes, does using all of these things at once make it so that you are not in XHTML strict compliance?

Thanks so much for any help people can provide,


7 Years
Discussion Span
Last Post by quasipickle

Yes, you can have Javascript in a PHP file - in that you can call a PHP file & have it act as Javascript...but I don't think that's what you want. I believe what you're asking is if you can make Javascript & PHP work together & ensure sessions are always being used to maintain security.

Say you've got a user who logs in. You then create a session for them in PHP. Then, when you're updating the page with AJAX - what you're doing is using Javascript to request another page from the server. If that page is a PHP page, you can then access that session in that PHP page.

For example: Say a user logs into an RSS aggregator website. Immediately after they login, PHP creates a session for them, loads their user properties, brings in their favourite RSS feeds, etc. If you want to update the RSS feeds automatically, with AJAX - your browser simply makes another request to the server. Yes, it's via AJAX, but the server doesn't know that. The server thinks it's just a regular file request. As a result, it has access to the session that was created when the user logged in, and can retrieve the user properties and RSS feeds like usual.

The only time XHTML strict compliance comes into play is when the resulting XHTML code is generated by PHP. As long as you do that properly, it doesn't matter if the page is modified afterwards with Javascript (though you should still try to be compliant).

Edited by quasipickle: Clarifying


Thanks for your reply! That was very helpful.

As a back drop, I am updateding abc123.html using AJAX, which gets data from PHP/MYSQL. Once that data is placed in a pure html file....

How does the PHP session know to stay open if I am not on a PHP page (and that PHP page has already done its job by spitting back data)?
Also, if 5 people on different computers are working with their own data, where are these sessions stored? How does a computer know which session it should use if there are multiple sessions floating around on the server put there by other computers?


PHP usually uses cookies to store the "key" for a session. If you call


after you've visited a page with PHP sessions, you'll see an item called PHPSESSID. Each request you make to that server (either by typing in a url, clicking a link, or requesting a page via AJAX) has that cookie sent with it. PHP then reads that cookie, looks at its internal session storage system, and pulls out the session data relevant to that cookie.

Multiple people will each have their own unique cookie (PHP makes sure of that) and will therefore have their own unique session data.

If you're jumping around between PHP and HTML files in your browser, that doesn't matter. As long as nothing deletes that cookie, PHP will always have access to it.

I feel I should mention that the PHPSESSID cookie is automatically set to expire when the browser closes - so you can't use $_SESSION to remember a username for future visits to a site.

Edited by quasipickle: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.