PHP在不同域名之间传递会话数据 [英] PHP passing session data between different domain names

问题描述

我在同一台服务器上有 2 个域名，但想使用会话变量传递一些数据怎么做?

I have 2 domain names on the same server but want to pass some data using session variable how to do this?

推荐答案

假设您的意思是域是 something.com 和 someothersite.com，然后配置这两个站点为他们的会话文件使用相同的目录 (/tmp?)，然后只需将会话 ID 添加到站点之间的链接:

Assuming you mean domains to be something.com and someothersite.com, then configure the two sites to use the same directory for their session files (/tmp?), then just tack on the session ID to the links between the site:

http://something.com?sessionID=session_id_from_someothersite.com
http://someothersite.com?sessionID=session_id_from_something.com

然后在每次检查该参数时使用您的会话处理代码并加载它.

then have your session handling code in each check for that parameter and load it up.

然而，在纯文本 URL 中传递会话 ID 是非常不安全的.这就是会话固定攻击变得微不足道的原因.稍微更安全的方法是在每个服务器上使用 POST 表单来登录"另一个域并将会话 ID 作为参数传递.或者更好的是，传递加密的一次性使用令牌而不是会话 ID.

However, passing the session IDs around in plaintext URLs is highly insecure. This is how session fixation attacks become trivial. A slightly more secure method would be to use a POST form on each server to "log into" the other domain and pass the session ID as a parameter. Or better yet, pass an encrypted one-time-usage token instead of the session ID.

如果您将它们作为同一父域(siteA.example.com 和 siteB.example.com)的单独子域提供服务，只需配置两者在 example.com 上设置他们的会话 cookie，这将在两个站点之间共享.

If you're serving them as seperate sub-domains of the same parent domain (siteA.example.com and siteB.example.com), simply configure both to set their session cookies on example.com and it'll be shared between the two sites.

这篇关于PHP在不同域名之间传递会话数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！