PHP 跨域共享会话 [英] PHP Shared Sessions across Domain
问题描述
我在 SOF 上看到了一些对此的回答,但其中大部分都与子域的使用有关,其中没有一个对我有用.常见的一种是使用 session.cookie_domain,据我所知,它只适用于子域.
I have seen a few answers to this on SOF but most of these are concerned with the use of subdomains, of which none have worked for me. The common one being that the use of session.cookie_domain, which from my understanding will only work with subdomains.
我对处理完全不同域(并包括子域的可能性)的解决方案感兴趣.不幸的是,项目的截止日期就是这样,时间不在我身边,所以我求助于 SOF 的专业知识和经验.
I am interested in a solution that deals with deals with entirely different domains (and includes the possibility of subdomains). Unfortunately project deadlines being what they are, time is not on my side, so I turn to SOF's expertise and experience.
当前的项目简介是能够登录一个当前仅在会话中存储 user_id 的站点,然后能够在同一服务器环境中的不同域中检索此值.正在从数据库中存储/检索会话数据,其中 session id 是主键.
The current project brief is to be able to log into one site which currently only stores the user_id in the session and then be able to retrieve this value while on a different domain within the same server enviroment. Session data is being stored/retrieved from a database where the session id is the primary key.
我希望找到一个轻量级"和容易"实施的解决方案.
I am hoping to find a "light wieght" and "easy" to implement solution.
系统使用内部模型视图控制器设计模式,因此所有请求(包括不同的域)都通过单个引导脚本运行.使用域名作为变量,这决定了向用户显示什么上下文.
The system is utlising an in-house Model View Controller design pattern, so all requests (including different domains) are run through a single bootstrap script. Using the domain name as a variable, this determines what context to display to the user.
一个看起来很有潜力的选项是使用隐藏图像并使用 alt 标签来设置 user id.我的第一印象表明这立即看起来太容易了"(如果可能的话)并且充满了安全漏洞.讨论?
One option that did look like to have potential is the use of a hidden image and using the alt tag to set the user id. My first impressions suggest this immediately seems "too easy" (if possible) and riddled with security flaws. Disscuss?
我考虑过的另一个选项是使用 IP 和用户代理进行身份验证,但我再次认为由于共享网络和更改 IP 地址,这不是一个可靠的选项.
Another option which I considered is using the IP and User Agent for authentication but again I feel this not going to be a reliable option due to shared networks and changing IP addresses.
我考虑过但尚未讨论过的第三个选项(也是首选)是使用 htaccess 来欺骗用户,当实际上 apache 重定向时,他们认为他们在不同的域中;像
My third option (and preferred) which I considered and as yet not seen discussed is using htaccess to fool the user into thinking that they are on a different domain when infact apache is redirecting; something like
www.foo.com/index.php?domain=bar.com&controller=news/categoires/1
但向用户显示为www.bar.com/news/categories/1
foo.com 代表所有请求都经过的主站点域",bar.com 是用户认为他们正在访问的内容.控制器请求指示请求的页面和视图.这可能吗?
foo.com represents the "main site domain" which all requests are run through and bar.com is what the user thinks they are accessing. The controller request dictates the page and view being requested. Is this possible?
还有其他选择吗?利弊?
Are there other options? Pros/Cons?
提前致谢!!!
推荐答案
为了让其他对此功能感兴趣的人受益,恐怕没有简单的答案.谷歌单点登录",它将带着技术和一些可用的解决方案回来.
For the benefit for anyone else interested in this functionality, there is no simple answer I am afraid. Google "Single Sign On" and it will come back with the technology and some solutions avialable.
至于使用htaccess隐藏域名,这是不可能的,因为它可能被用于恶意活动.
As for using htaccess to hide the domain name, this is not possible as it could be used for malicious activities.
我现在已经成功实施了一个系统来满足我的要求.
I have now successfully implemented a system to achive my requirements.
这篇关于PHP 跨域共享会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
