douzong0711 2011-03-15 15:43

Implementing single sign-on in PHP

Can anyone point out what the obvious flaws with this approach would be, as I am sure there will be some...

  1. User tries to access restricted area on 'original box'
  2. User is not logged in, so is redirected to 'secure box'
  3. User logs in via LDAP using SSL & ldaps
  4. Session is created on 'secure box'
  5. User is redirected back to 'original box'
  6. 'original box' does a file_get_contents to session.php on 'secure box'
  7. 'secure box' checks for valid session, and if present returns username and some extra info as xml (obviously no password info)
  8. 'original box' uses xml to create local session
  9. User is allowed to progress through protected area with each page view checking 'secure box' for valid session
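
Steps 6 to 8 of the flow above, sketched as an added example (not the poster's code) showing the checks the 'original box' would want before turning the XML reply into a local session. Assumptions not in the post: the session.php URL, a one-time `ticket` query parameter that tells the 'secure box' which login is being asked about, and the `<session><username>` XML layout.

```php
<?php
// Added example. Hypothetical names: the URL, the "ticket" parameter handed
// back on the redirect in step 5, and the <session><username> reply layout.
const SECURE_BOX_SESSION_URL = 'https://secure.example.test/session.php';

function fetchSessionXml(string $ticket): ?string
{
    // Step 6: server-to-server fetch. Verify the certificate so the reply
    // cannot be supplied by a host impersonating the secure box.
    $ctx = stream_context_create([
        'ssl'  => ['verify_peer' => true, 'verify_peer_name' => true],
        'http' => ['timeout' => 5],
    ]);
    $url = SECURE_BOX_SESSION_URL . '?ticket=' . rawurlencode($ticket);
    $xml = @file_get_contents($url, false, $ctx);
    return $xml === false ? null : $xml;
}

function parseSessionXml(string $xml): ?array
{
    // Step 7 reply. A DOCTYPE is rejected outright so no entity definitions
    // are processed, and LIBXML_NONET blocks network access while parsing.
    if (stripos($xml, '<!DOCTYPE') !== false) {
        return null;
    }
    $doc = @simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    if ($doc === false || $doc->getName() !== 'session') {
        return null;
    }
    $username = (string) $doc->username;
    // Accept only a conservative username shape before trusting it locally.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $username)) {
        return null;
    }
    return ['username' => $username];
}

function createLocalSession(array $user): void
{
    // Step 8: a fresh session id at login guards against session fixation.
    session_start();
    session_regenerate_id(true);
    $_SESSION['username'] = $user['username'];
}

// Constructed sample replies, parsed offline: first is accepted, second is not.
var_dump(parseSessionXml('<session><username>jdoe</username></session>'));
var_dump(parseSessionXml('<!DOCTYPE x [<!ENTITY e "x">]><session><username>&e;</username></session>'));
```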

2 answers

  • douzhan3900 2011-03-15 15:49
    I don't get why you use file_get_content(); instead of include/require.

    Why do you need to get the content of "session.php" at all? Couldn't you simply use $_SESSION['myVar']; to get the session infos you need?
