Preserving session variables across different domains


Problem description

I'm not sure if this is even possible.

My company has their main site that accepts credit cards and other payment information. They also have other sites that are directly related to events we host. For example our main site is something like:

http://www.etm124biz.com

But have another site specifically for an annual event:

http://www.etm124annualgala.com

My 'event' site is handling registration and saves to our database, but our main site handles the credit card processing. With current purchases handled on the main website, sessions are used to pass data to the payment/cc screens.

Without having to change my payment code (to accept, say, $_GET parameters), shouldn't my $_SESSION variables be passing over?

Example:

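// Copy the submitted address fields into the session for payment.php to read.
$_SESSION['s_address1'] = $_POST['address1'];
$_SESSION['s_address2'] = $_POST['address2'];
$_SESSION['s_city']     = $_POST['city'];
$_SESSION['s_state']    = $_POST['state'];
$_SESSION['s_zip']      = $_POST['zip'];

// Redirect to the payment page on the main site, then stop executing this script.
header('Location: https://www.etm124biz.com/payment.php?oid=' . $oid . '&src=conf&id=' . $seq);
exit;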

My payment.php page looks for the address session variables above.

Recommended answer

Cross-domain session ids

Session ids are passed around using cookies by default. Since your websites are on different domains the session cookie does not transfer over, so that's one thing that prevents cross-domain sessions from working.

One technique to have the session ids transfer over is to append them to the query string of all your requests (PHP even has some degree of built-in support for this). However, this way of doing things has many drawbacks -- the most important being that people copy/paste URLs all the time, with all that implies about revealing valid and reusing invalid session ids -- and therefore is not recommended.

A much better approach would be to use JavaScript to make cross-domain requests across all of the interested domains (which would need to be cooperating in this of course). This way you can seamlessly transfer your session id across as many servers as you need to.

Even if the cookie were not a problem, you would need to have the session data on some storage commonly accessible by all your servers. The default storage is the local filesystem, so again this is something that needs to change if you want cross-domain sessions.

A simple solution to this problem would be to use a custom session handler that stores the data on a database or other globally accessible store.
