跨域共享会话 [英] Sharing session across domain

问题描述

目前，我们在跨子域共享同一会话时遇到问题。我们正在使用Jboss服务器。

Currently we are facing a problem with sharing a same session across subdomains. we are using Jboss server.

用户访问与他们的区域相对应的站点，即具有唯一域名的en_US。将创建与域对应的Cookie。允许用户转到具有不同域名的其他区域设置。问题是，为其他域创建一个新的cookie，失去存储在上一个会话中的信息。我们需要跨网域使用相同的会话Cookie。

Users access the site corresponding to their locale say en_US that has unique domain name. A cookie is created corresponding to the domain. Users are allowed to go to other locales that have different domain name. The problem is that a new cookie is created for the other domain which loses the information stored in the previous session. We need to use the same session cookie across domains.

Ex domains：
sample.au
sample.co.uk
.us

Ex domains : sample.au sample.co.uk sample.us

我问了Iframe / p3p解决方案。我是这个概念的新手。

I asked to look into Iframe/p3p solutions.I am new to this concept. can you please guide me how to achieve this.

提前感谢

推荐答案

您需要的是单点登录服务。

• 用户到达时，您可以通过集中式网站Z为您的网站A..Y在网站A中不显示任何会话ID


• 网站A将用户重定向到网站Z


• 网站Z创建会话


• site A丢弃一个会话cookie允许的用户会话ID允许用户重定向到站点A，用户继续在A上使用他们的共享会话

• user arrives in site A, doesn't present any session id
• site A redirects user to site Z
• site Z creates a session, perhaps after authenticating the user, and drops a site Z cookie, redirects user back to site A with a URL which contains an additional payload telling site A what the users session id is
• site A drops a session cookie allow the user to continue to use their shared session on A

现在，当用户转到网站B

Now when the user goes to site B

• 网站B看不到会话，重定向到网站Z


• 网站Z认为它已经为此人创建了会话，

换句话说，您的信号登录服务给用户可以挂起的东西（会话cookie），也可以传递给参与网站以证明他们已通过身份验证。

To put it another way, your signal sign on service gives the user something that they can hang to (a session cookie) and also something they can pass to the participating site to prove they are authenticated.

这篇关于跨域共享会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！