跨子域的 PHP $_SESSION [英] PHP $_SESSION across subdomains
问题描述
好的,所以我有 example.com 然后我使用 Javascript 运行 XHR 请求到 api.example.com 以前我有 api.example.com 作为 example.com/api 但我想将其移动到子域并且登录工作正常,直到我将其移动到 api.example.com
Ok so I have example.com which I then use Javascript to run XHR requests to api.example.com Previously I had the api.example.com as example.com/api but I wanted to move it to a subdomain and the sign in worked fine until I moved it to api.example.com
我正在测试登录脚本并尝试保持会话实时,但每次运行它都会清除 $_SESSION
I am testing out a sign in script and trying to keep the session live but each time it runs it clears the $_SESSION
db_connect.php
include_once("config.php");
ob_start();
session_start();
$db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
auth.php
<?php
require($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');
if (!$db) {
die('Could not connect: ' . mysql_error());
}
$method = $_SERVER['REQUEST_METHOD'];
if ( isset($_GET['id']) ){
$id = $_GET['id'];
} else {
$id = 'all';
}
switch (strtoupper($method)) {
case "GET":
if ($_SESSION['auth']) {
$check = true;
} else {
$check = false;
}
$arr = json_encode(array('result'=>$check));
echo $arr;
break;
default:
echo "Streets closed pizza boy!";
}
signin.php
<?php
require($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');
if (!$db) {
die('Could not connect: ' . mysql_error());
}
$method = $_SERVER['REQUEST_METHOD'];
if ( isset($_GET['id']) ){
$id = $_GET['id'];
} else {
$id = 'all';
}
switch (strtoupper($method)) {
case "POST":
$postdata = json_decode(file_get_contents("php://input"));
$src = (array)$postdata->user;
$password = hash( 'sha512', $src['password']);
$q = $db->query("SELECT *
FROM users u
WHERE u.email = '".$src['email']."'
AND u.password = '".$password."'");
if($q->num_rows > 0){
$check = true;
$_SESSION['auth'] = 1;
$maps = array();
while($row = mysqli_fetch_array($q)) {
$product = array(
'auth' => 1,
'id' => $row['id'],
'name' => $row['name'],
'email' => $row['email'],
'access' => $row['access']
);
array_push($maps, $product);
}
//$_SESSION['company_id'] = $product['company_id'];
}else{
$check = false;
}
$_SESSION['id'] = $product['id'];
$_SESSION['email'] = $product['email'];
setcookie("username", $productx§['email'], time()+(84600*30));
$arr = json_encode(array('result'=>$check, 'user'=>$maps));
echo $arr;
break;
default:
echo "Your favorite color is neither red, blue, or green!";
}
我尝试将 db_connect.php 设置为
<?php
include_once("config.php");
ob_start();
session_set_cookie_params(0, '/', '.example.com');
session_start();
$db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
但这没有任何作用,会话变量丢失了.
But this does nothing and the session variables are lost.
PHP 文件也是通过 AJAX 调用的.
The PHP files are called via AJAX too.
所有页面是否都应该是 angularjs DOM 连接到数据库?
Should ALL pages whether its the angularjs DOM connect to the database?
推荐答案
.htaccess on api.example.com
# CORS Headers (add this)
<ifModule mod_headers.c>
Header add Access-Control-Allow-Origin "http://example.com"
## Post the domain that will be doing the XHR requests
Header add Access-Control-Allow-Credentials: "true"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
</ifModule>
<Limit GET POST PUT DELETE>
Allow from all
</Limit>
example.com
在您的主要网站的标题中发布以下内容
Post the following in the header of your main website
ini_set('session.cookie_domain', '.example.com' );
session_start();
XHR 请求
现在我们需要将凭据从 example.com 发布到 api.example.com 我正在使用 AngularJS
Now we need to post the credentials from example.com to api.example.com I'm using AngularJS with this
$http({
method: 'GET',
url: '//api.example.com/auth/',
xhrFields: {
withCredentials: true
},
crossDomain: true
}).success....
还要更改您的配置以允许使用凭据发送
Also change your config to allow sending with Credentials
.config(function ($routeProvider, $httpProvider) {
$httpProvider.defaults.withCredentials = true;
//rest of route code
这篇关于跨子域的 PHP $_SESSION的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
