Share Session Between Two Websites


Problem description

Hi, thanks in advance...
I am working on a project, and I need some clarification on how to share data between two sites in a highly secure manner. Currently I am using Form Post to share data. But I am wondering whether there is an option to get site-1 session data from site-2, because I think using a session is more secure. I don't know how to use sessions between two sites, but I hope someone here will know.

Like this:
Site 1 code

$_SESSION['customer_id'] = 'XYZ';  
$_SESSION['total_amount'] = '100';  

<a href=https://site2.com/do.php?session_id=<?=$_SESSION['session_id']?>>Click Here</a>  

Site 2 code in do.php

$session_id = $_REQUEST['session_id'];  
$shared_data = bla_bla_bla_function($session_id);  

$customer_id = $shared_data['customer_id'];  
$total_amount = $shared_data['total_amount'];  

Or is there any way to do secure data sharing between two websites other than form post? Please tell me.
Thank you
Yours,
Kaartikeyan R

Solution found

I have sent the Customer ID and Amount via CURL to the second website, which creates a record in a table for this, generates an encrypted ID from the record ID, and returns the encrypted ID.

So in the first website I get the encrypted ID, and use it in the URL redirection to the second website.

On the second website, with the encrypted ID, I get the Customer ID and Amount.

Recommended answer

Urk. First off, never, EVER do this:

$session_id = $_REQUEST['session_id'];  

This causes a security truck-hole we refer to as 'session fixation' ( read more: http://en.wikipedia.org/wiki/Session_fixation ).

It seems you're pretty heavy on security. If you need to share data from site 1 to site 2, you should do it through a single consumption bridge:

1). Click on a link on Site 1 to a handler file, let's call it redir.php.

2). Redir.php first checks the existing session data.

3). Redir.php writes relevant info into a DB row, along with some sort of identifier (say, an MD5 hash of the user ID + '_'+ current time), plus a 'consumed' flag, set false.

4). Redir.php does a 301 redirect to Site 2, along with the identifier.

5). Site 2 reads the relevant row out of the DB.

6). If the data is good and has not yet been 'consumed', return a success and mark the data as consumed.

7). If the data has been consumed, throw some sort of error.

There are more complex ways of doing this, but I think this handles what you're trying to do.
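
The seven-step bridge described in the answer, as an added PHP example that is not part of the original answer. The table name `handoff`, the function names, the `id` query parameter and the 60-second expiry are assumptions; it uses `random_bytes` for the identifier rather than the MD5 of user ID and time the answer mentions, because that value is guessable.

```php
<?php
declare(strict_types=1);

// Store both sites can reach. In-memory SQLite here so the example runs offline.
// Table and function names are hypothetical, chosen for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE handoff (
    token_hash   TEXT PRIMARY KEY,
    customer_id  TEXT NOT NULL,
    total_amount TEXT NOT NULL,
    expires_at   INTEGER NOT NULL,
    consumed     INTEGER NOT NULL DEFAULT 0
)');

// Site 1 (redir.php, steps 2-4): store the data, return the identifier for the redirect URL.
function issue_handoff(PDO $db, string $customerId, string $amount, int $ttl = 60): string
{
    $token = bin2hex(random_bytes(32));   // unguessable, unlike md5(user id + time)
    $stmt = $db->prepare('INSERT INTO handoff (token_hash, customer_id, total_amount, expires_at)
                          VALUES (?, ?, ?, ?)');
    // Only the hash is stored, so a leaked table does not yield usable identifiers.
    $stmt->execute([hash('sha256', $token), $customerId, $amount, time() + $ttl]);
    return $token;
}

// Site 2 (do.php, steps 5-7): consume atomically, then read. Returns null on any failure.
function consume_handoff(PDO $db, string $token): ?array
{
    $hash = hash('sha256', $token);
    // One UPDATE both checks and sets the flag, so two concurrent requests cannot both win.
    $upd = $db->prepare('UPDATE handoff SET consumed = 1
                         WHERE token_hash = ? AND consumed = 0 AND expires_at >= ?');
    $upd->execute([$hash, time()]);
    if ($upd->rowCount() !== 1) {
        return null;                      // unknown, expired or already consumed
    }
    $sel = $db->prepare('SELECT customer_id, total_amount FROM handoff WHERE token_hash = ?');
    $sel->execute([$hash]);
    return $sel->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed sample values, taken from the question's example.
$token = issue_handoff($db, 'XYZ', '100');
echo 'https://site2.com/do.php?id=' . urlencode($token), PHP_EOL;  // redirect target
var_dump(consume_handoff($db, $token));                // first use: the stored row
var_dump(consume_handoff($db, $token));                // replay: NULL
var_dump(consume_handoff($db, str_repeat('0', 64)));   // unknown identifier: NULL
```

Site 2 never accepts a session ID from the request; it only exchanges the one-time identifier for the stored row and then starts its own session.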
