dongyu3967 2013-11-19 05:53
浏览 54
已采纳

在PHP中的同一服务器上跨多个域共享会话

I need to implement a solution for one of my project, where I have multiple domains + multiple sub-domains and they all need to share the same session. All domains and sub-domains would be pointed to the single application which is connected to the single database.

Means if user logged in from any of the domain will be able to visit secure pages of other domains of the application. User may change domain via following a link or via opening a new tab in the browser.

I have gone through some articles and found some below mentioned solutions:-

  1. Session in Database - What if other user from same network with same user agent hits?

  2. iFrame message passing - I heard at somewhere, that iFrame renders on document load and, then checking session after showing some page content will annoy the user.

  3. CURL request with CURLOPT_COOKIEFILE & CURLOPT_COOKIEJAR - I have played with this and it is working fine, but don't know if it is secure and not performance killer.

  4. Single Sign On (SSO) - I need some R&D to implement this and it would be the last option.

Please suggest what to do?

  • 写回答

1条回答 默认 最新

  • douque9815 2014-04-21 11:46
    关注

    Just to verify I am not wrong, you need to share user session across all your applications.

    As rightly said above, you may use 4 of the options above. However, I would like to focus on first option which is putting session in DB and would like to suggest another option as keeping sessions in shared directory or server.

    1. Sessions in DB - The answer to your question (What if other user from same network with same user agent hits?) is you will have different session id's value to uniquely identify each row in Table. So, no need to worry about it. But the disadvantage is, each time DB connection would be required and a query would be fired, when session is initialized i.e. for every single page.

    2. Sessions in shared directory/server - Configure all your applications in a such a manner that all applications store session at shared location. Shared location can either be a directory or a secured server. This can easily achieved by using session_set_save_handler.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 数字取证课程 关于FAT文件系统的操作
  • ¥15 如何使用js实现打印时每页设置统一的标题
  • ¥15 安装TIA PortalV15.1报错
  • ¥15 能把水桶搬到饮水机的机械设计
  • ¥15 Android Studio中如何把H5逻辑放在Assets 文件夹中以实现将h5代码打包为apk
  • ¥15 使用小程序wx.createWebAudioContext()开发节拍器
  • ¥15 关于#爬虫#的问题:请问HMDB代谢物爬虫的那个工具可以提供一下吗
  • ¥15 vue3+electron打包获取本地视频属性,文件夹里面有ffprobe.exe 文件还会报错这是什么原因呢?
  • ¥20 用51单片机控制急停。
  • ¥15 孟德尔随机化结果不一致