自动登录到当前的网站,如果用户登录到另一个网站 [英] Automatically login to current website if user is logged in to another website
问题描述
我有100个网站在ASP经典codeD。每个网站接受订单,将它们存储在数据库中。然而,这些订单的支付必须在其他网站上进行,也美元的ASP经典的C $ CD。所有的网站都用同一家公司所有,托管同一IIS服务器上,并使用相同的SQL Server数据库。
I have about 100 websites coded in ASP classic. Each website accepts orders and stores them in database. However, the payment of these orders must be made on another website, also coded in ASP classic. All websites are owned by same company, hosted on same IIS server and use the same SQL Server database.
现在,在这些网站之一输入一些个人信息和日志的用户注册(例如website-for-newjersey.com),并下订单。然后,他被重定向到支付网站(payments.master-website.com上HTTPS),其中他的一些个人信息(地址,城市,州航运;名信用卡持有人姓名;等),支付形式出现。信用卡的具体信息输入该网页上。
Now, the user registers by entering some personal information and logs in to one of these website (e.g. website-for-newjersey.com) and places an order. He is then redirected to the payments website (payments.master-website.com on https) where some of his personal information (address, city, state for shipping; name for credit card holders name; etc) appears on the payment form. Credit card specific information is entered on that page.
由于该网页上显示的信息的敏感性,用户必须登录到支付网站之前,他/她可以查看的 pre-充满的付款表格。我不希望用户(每个网站上一次)登录两次。有如果用户登录到检查的一种可靠方式的指使用传统的ASP 的网站。
Because of the sensitivity of information shown on that page, the user must login to the payment website before he/she can view the pre-filled payment form. And I do not want the user to login twice (once on each website). Is there a reliable way of checking if the user is logged in to the referring website using classic ASP.
长话短说
- 在B网站,我需要检查,如果访问者登录到网站A
- 在B网站我需要的ID会话变量从网站A
- 两个网站使用同一个数据库服务器
- 我需要明确的指示
- PHP或ASP.NET解决方案是可以接受的,如果它是通用/便携
推荐答案
从主叫网站,你可以创建一个GUID或一些其他随机生成的价值。其存储在用户记录(设置在一个指定的时间段到期)在数据库中,加密它,并将它传递通过SSL给支付网站,它被解密,然后比较到数据库。如果再搭配用户登录,如果不匹配,那么他们被要求登录。
From the calling site you could create a guid or some other randomly generated value. Store it on the users record (set to expire in a specified time period) in the database, encrypt it and pass it over SSL to the payment site where it is decrypted and then compared to the database. If they match then the user is logged in, if it doesn't match then they are asked to log in.
另一种方式,虽然我不知道它可以与不同的域名使用的会话来完成。因为它们都是在同一台机器上有可能,但我不是100%确定那一个。
Another way although I'm not sure it can be done with different domain names is using sessions. Since they are all on the same machine it might be possible but I'm not 100% sure on that one.
这篇关于自动登录到当前的网站,如果用户登录到另一个网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
