Sharing a session between 2 laravel applications


Question

I am using a database session driver in an attempt to share a session between two laravel applications. Should the session cookie name and encryption key be the same for both applications? I am having a very hard time with this issue for the last few days. Any help is greatly appreciated. Thank you!

Recommended answer

Everything related to sessions should be identical. Basically the session.php file should be the same between both, they should have a common database, and the key and cipher type should be identical.

If they have the same domain name (ex: server1.mydomain.com, server2.mydomain.com) but different hostnames/subdomain names, then the cookies should still work fine as long as you set the domain correctly (ex .mydomain.com). If they are on the same server, you can still use a common key-value system. If they are on separate servers, you either need a common storage location (like S3) or a replication enabled key-value system like Redis or Memcached. You could also use MySQL if you need to replicate other data types, but it's very heavy for just key-value pairs.

If they have completely different domains, then cookies will not work. In that instance, you would need to reference cross-site session ids through GET query strings, and perform session migrations in the back-end using either common or replicated systems, or via some secure API. This is a very difficult system to set up and only works if you are moving between the domains using links embedded in the sites. Bookmarks or manual address input will lose session data.

There is a better way to handle this now using JSON Web Tokens (JWT). The basic idea is that rather than share a database of session IDs that has to be kept in sync, you instead share a database of users. The database of users will require significantly fewer writes, since most of the data will be static, which in turn makes it easier to replicate or split between multiple applications. The JWT holds all the pertinent session data in an encrypted format which prevents tampering. This allows the front-end client to hold on to the JWT and pass it to the back-end client on requests. The back-end client is then only responsible for checking that the data within the JWT matches its database of user data. If it matches, then it can be assumed that the user was authenticated. There is a little more to it than I've explained here, but I would recommend checking out the website for a full explanation (https://jwt.io/).

The best part is, it's super easy to get started using in Laravel. Add in the JWT-Auth dependency and you are up and running with JWT.

The one caveat I would add is that you will likely run into Cross-Origin Resource Sharing (CORS) issues with newer browsers if you do cross domain requests. There are easy fixes if you run into that (Laravel-CORS).
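
The settings the answer says must be identical can be checked mechanically. The PHP script below is an added example, not part of the original answer: it compares the session-related `.env` entries of the two apps and lists the ones that differ. The `.env` contents, host names and key values are constructed samples, the variable names are Laravel's defaults, and the cipher (set in `config/app.php`) is outside what it checks.

```php
<?php
// Added example, not from the original answer. Sample .env text is constructed.
// parseEnv() is a simplified reader (no multi-line values or variable expansion).

const MUST_MATCH = [
    'APP_KEY',            // encrypts the session cookie in both apps
    'SESSION_DRIVER',     // "database" on this page
    'SESSION_CONNECTION', // connection holding the sessions table
    'SESSION_COOKIE',     // cookie name the browser sends back
    'SESSION_DOMAIN',     // parent domain, e.g. ".mydomain.com"
    'DB_CONNECTION', 'DB_HOST', 'DB_DATABASE', // the common database
];

function parseEnv(string $text): array
{
    $vars = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#' || strpos($line, '=') === false) {
            continue;
        }
        [$key, $value] = explode('=', $line, 2);
        $vars[trim($key)] = trim(trim($value), "\"'");
    }
    return $vars;
}

// Returns only the names of differing settings; APP_KEY is a secret, so no values.
function sessionMismatches(array $a, array $b): array
{
    return array_values(array_filter(
        MUST_MATCH,
        fn (string $k): bool => ($a[$k] ?? '') !== ($b[$k] ?? '')
    ));
}

$app1 = <<<'ENV'
APP_KEY=base64:CONSTRUCTED-SAMPLE-KEY-ONE
SESSION_DRIVER=database
SESSION_COOKIE=shared_session
SESSION_DOMAIN=.mydomain.com
DB_CONNECTION=mysql
DB_HOST=db.mydomain.com
DB_DATABASE=shared
ENV;
$app2 = str_replace(['KEY-ONE', 'shared_session'], ['KEY-TWO', 'app2_session'], $app1);
foreach (sessionMismatches(parseEnv($app1), parseEnv($app2)) as $name) {
    echo "MISMATCH: $name\n";
}
```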
