如何在php中生成唯一的会话ID [英] How to generate a unique session ID in php

问题描述

在我们的网站上，我们希望能够在多个域中共享会话.所有这些网站都在同一台服务器上，但其中一些具有不同的 IP 地址.

On our websites we want to make it possible to share sessions accros multiple domains. All these websites are on the same server but some of them have a different IP address.

我找到的可能解决方案是自己设置会话 ID:

The possible solution I found was to set the session ID myself:

<?php
session_id($someUniqueHash);
?>

这有效，如果我像 md5('test') 这样的哈希.在同一服务器上的另一个域上，我们再次进行了会话.

And this works, if I make the hash like md5('test'). On a other domain on te same server we have the session again.

问题在于生成 ID.我在互联网上看到一些使用 microtime 等的解决方案，但是当我使用这种方法时，我无法预测其他域/PHP 页面上的会话 ID.

The problem is generating the ID. I see some solutions on the internet with microtime etc, but when I use that approach I can't predict the session ID on the other domain / PHP page.

有人有想法吗?或者我们不应该实施这个吗?是否有其他选项可以在多个域上共享会话?(不是子域！)

Does anyone have an idea? Or shouldn't we implement this? Are there other options to share session over multiple domains? (NOT subdomains!)

推荐答案

我已经通过使用 OAuth 类型流程，但我们用用户替换了消费者.

I've achieved this system by using an OAuth type flow but we replaced the Consumer with the User.

因此，每个域都将在其自己的会话中拥有经过身份验证的 Access_Token.然后，您将使用该 Access_Token 从 api 获取有关用户的信息.

So each domain would have the authenticated Access_Token in its own session. You would then use that Access_Token to get information about user from an api.

我还使用 session_set_save_handler 解决了会话问题并将会话存储在数据库表中...这个表将有Access_Token 也是如此，这使得通过数据库查询找到会话变得非常容易.

I also solved the session problem using session_set_save_handler and storing sessions in a database table... This table would have the Access_Token also, making it really easy to find the session with a DB Query.

希望这对想法有所帮助.

Hope this helps with ideas.

这篇关于如何在php中生成唯一的会话ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！