PHP共享会话跨域PHP
我已经看到了一些答案,这样的特种作战部队,但其中大部分是涉及使用子域名,其中有没有适合我的工作。常见的一个是,使用 session.cookie_domain ,从我的理解只能与子域的工作。
I have seen a few answers to this on SOF but most of these are concerned with the use of subdomains, of which none have worked for me. The common one being that the use of session.cookie_domain, which from my understanding will only work with subdomains.
我感兴趣的一个解决方案,与完全不同的领域的交易处理(包括子域)的可能性。不幸的是项目的最后期限是它们是什么,时间是不是在我身边,让我谈谈SOF的专业知识和经验。
I am interested in a solution that deals with deals with entirely different domains (and includes the possibility of subdomains). Unfortunately project deadlines being what they are, time is not on my side, so I turn to SOF's expertise and experience.
目前的项目简介是能够登录到一个网站目前只存储 USER_ID 会话,然后才能检索该值,而在不同的在同一服务器环境中的域。会话数据被存储/从数据库所在的会话ID 是主键检索。
The current project brief is to be able to log into one site which currently only stores the user_id in the session and then be able to retrieve this value while on a different domain within the same server enviroment. Session data is being stored/retrieved from a database where the session id is the primary key.
我希望能找到一个轻wieght和易实现的解决方案。
I am hoping to find a "light wieght" and "easy" to implement solution.
该系统utlising一个内部模型视图控制器设计模式,让所有的请求(包括不同的域)通过一个单一的启动脚本的运行。使用域名作为变量,这决定了上下文,以显示给用户。
The system is utlising an in-house Model View Controller design pattern, so all requests (including different domains) are run through a single bootstrap script. Using the domain name as a variable, this determines what context to display to the user.
一个选项,它看上去的确喜欢有潜力利用隐藏图像,并使用ALT标记设置用户ID 。我的第一个IM pressions表明这立刻显得太容易(如果可能的话),并充满了安全漏洞。涉诉?
One option that did look like to have potential is the use of a hidden image and using the alt tag to set the user id. My first impressions suggest this immediately seems "too easy" (if possible) and riddled with security flaws. Disscuss?
这是我考虑的是使用IP和用户代理进行身份验证,但我又觉得这不会是一个可靠的选择,由于共享网络,并更改IP地址的另一个选择。
Another option which I considered is using the IP and User Agent for authentication but again I feel this not going to be a reliable option due to shared networks and changing IP addresses.
我的第三个选项(和preferred),我认为,目前还没有看到的是使用的htaccess 来欺骗用户讨论,以为它们是在不同的当INFACT Apache是重定向域;像
My third option (and preferred) which I considered and as yet not seen discussed is using htaccess to fool the user into thinking that they are on a different domain when infact apache is redirecting; something like
www.foo.com/index.php?domain=bar.com&controller=news/categoires/1
但显示给用户作为
www.bar.com/news/categories/1
www.foo.com/index.php?domain=bar.com&controller=news/categoires/1
but displays to the user as
www.bar.com/news/categories/1
foo.com 重presents主网站域所有的请求都通过和 bar.com 是用户认为他们正在访问的内容。该控制器的要求决定了网页和查看被请求。这可能吗?
foo.com represents the "main site domain" which all requests are run through and bar.com is what the user thinks they are accessing. The controller request dictates the page and view being requested. Is this possible?
是否还有其他选择?优点/缺点?
Are there other options? Pros/Cons?
在此先感谢!
推荐答案
有关的利益,任何人在这个功能的其他兴趣,没有一个简单的答案,我很害怕。谷歌单点登录,它会回来的技术和解决方案的一些可用的编缉。
For the benefit for anyone else interested in this functionality, there is no simple answer I am afraid. Google "Single Sign On" and it will come back with the technology and some solutions avialable.
至于用htaccess的隐藏域名,这是不可能的,因为它可能被用于恶意活动
As for using htaccess to hide the domain name, this is not possible as it could be used for malicious activities.
我现在已经成功实施了系统才达到我的要求。
I have now successfully implemented a system to achive my requirements.
