Cross domains sessions - shared shopping cart cross domains


Problem description


We are solving a problem with an eshop (php, mysql). The client wants to have the same eshop on two domains with a shared shopping cart. In the shop, a customer can do the shopping without a user account (can't be logged in). And there is the problem: how to make the shared shopping cart cross-domain.

The data from the cart is stored in sessions, which we store in the database too. But we can't solve the problem of carrying data over domains. Identifying an unlogged user is not holeproof (research).

An example of how it should work

A customer goes to domainOne and adds some things to the cart. Then he goes to domainTwo (by link, typing the domain address, however) and adds some other things to the cart. In the cart he has things from both domains (after refreshing the page).

Do you have any idea, how to solve this problem?

What didn't work:

  • redirecting is not possible due to customer requirements
  • cookies are related to domain
  • set_cookie with the other domain didn't work
  • the simplest way is to carry over only the sessionid (stored in cookies) but we don't know how to holeproof identify unlogged users.
  • is there any other place where data can be stored on the client side except cookies? (probably not)
  • we can't use sending the sessionid by params in the url (if the user clicks a link to the other domain) or resolving the header referer, because we don't know how the user can achieve the other domain.

If you can't understand me, ask me a question. If you think that having an eshop on two domains with a shared (common) cart is a bad idea, don't tell me, we know it.

Thanks for each answer.

Solution

You can use a third domain to identify your customers over all domains.

Use, for example, a PHP file on http://thirdDomain.com/session.php that is included on all pages on both shops.

Sample:

<script type="text/javascript" src="http://thirdDomain.com/session.php"></script>

After your customer switches domains, you can identify him as the same customer using the third domain.

You can assign the session id on both shops to the session id on the third domain to access the cart on both shops. You only need to inform the third domain about your shop sessions (i.e. add them as parameter).

Depending on how flexible you are with your code and templates, you can even use an output from the third domain to define the session id in your shops. This way you can use the same session id on all domains. But normally a session id assignment should be the more secure way.

Using the javascript version you can also output scripts that may add a session id to all outgoing links and forms to the other domain in the current html page. This might be interesting if you can identify your customer as having cookies blocked. You can also use the javascript to inform the parent document about an existing session.
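
The following is an added example, not part of the original answer and not the answerer's code: one way to write the third-domain session.php so that it does the "session id assignment" described above without ever putting a raw shop session id in a URL. It assumes HTTPS on all three domains, a per-shop secret shared with the third domain, and hypothetical names throughout (the `shop`, `ref`, `exp` and `sig` parameters, the `cart_link` table, the placeholder secrets); SQLite stands in for the shops' MySQL database.

```php
<?php
// session.php on the third domain. Added example: parameter names, table name,
// secrets and the SQLite file are assumptions, not taken from the original answer.
// A shop page includes it as
//   <script src="https://thirdDomain.com/session.php?shop=one&ref=...&exp=...&sig=..."></script>
//   ref = hash_hmac('sha256', session_id(), $shopSecret)   (never the raw session id)
//   sig = hash_hmac('sha256', "$shop|$ref|$exp", $shopSecret), exp = Unix expiry time
const SHOP_SECRETS = ['one' => 'PLACEHOLDER-SECRET-ONE', 'two' => 'PLACEHOLDER-SECRET-TWO'];

// Returns [shop, ref] for a well-formed, unexpired, correctly signed request, else null.
function verify_link_request(array $q, int $now): ?array
{
    foreach (['shop', 'ref', 'exp', 'sig'] as $k) {
        if (!isset($q[$k]) || !is_string($q[$k])) {
            return null;
        }
    }
    if (!isset(SHOP_SECRETS[$q['shop']])
        || !preg_match('/^[0-9a-f]{64}$/', $q['ref'])
        || !ctype_digit($q['exp']) || (int) $q['exp'] < $now) {
        return null;
    }
    $expected = hash_hmac('sha256', "{$q['shop']}|{$q['ref']}|{$q['exp']}", SHOP_SECRETS[$q['shop']]);
    return hash_equals($expected, $q['sig']) ? [$q['shop'], $q['ref']] : null; // constant-time compare
}

header('Content-Type: application/javascript');
header('Cache-Control: no-store');
$link = verify_link_request($_GET, time());
if ($link === null) {
    http_response_code(400);
    exit('/* link rejected */');
}

// Third-domain session cookie: sent cross-site only over HTTPS, hidden from scripts.
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'None']);
session_start();
$_SESSION['cart_id'] = $_SESSION['cart_id'] ?? bin2hex(random_bytes(16));

// Record "this shop session belongs to this cart" for the shops to look up.
$db = new PDO('sqlite:' . sys_get_temp_dir() . '/cart_link.sqlite');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE IF NOT EXISTS cart_link (shop TEXT, ref TEXT, cart_id TEXT, PRIMARY KEY (shop, ref))');
$db->prepare('REPLACE INTO cart_link (shop, ref, cart_id) VALUES (?, ?, ?)')
   ->execute([$link[0], $link[1], $_SESSION['cart_id']]);

// Nothing secret is emitted: each shop resolves its own ref -> cart_id server-side.
echo '/* cart linked */';
```

Each shop recomputes `ref` from its own session id and reads `cart_id` from `cart_link` on the server, so the shared identifier never reaches page JavaScript. Keep `exp` short so a signed URL copied from a shop page cannot be replayed later, and note that the link is only made in browsers that accept the third-domain cookie.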
