doutan6286 2014-08-24 08:19 采纳率: 100%
浏览 1228
已采纳

在iFrame中自动登录

I have a website that I'm working on, It's something like a car sharing system, user-based. In some pages I'm using a iframe in the middle of the page to link to another website which is not in PHP (Liferay actually), so I found out it was the easiest way to include it. The problem is, everytime a user logs in, it doesn't auto login inside the iFrame as well. It's then necessary to do a second authentication which is a bit frustrating.

Here is the example pic:

https://www.diigo.com/item/image/4sr25/9ct1?size=o

As you can see, I'm logged in (check upper right corner), but the iframe still shows an authentication box instead of what's supposed to.

I thought about using javascript to auto login inside the iFrame, but I'm not sure what's the most secure way to do it, since we're talking about critical data.

Any idea?

Thank you in advance!

  • 写回答

2条回答 默认 最新

  • dt2002 2014-08-24 17:27
    关注

    Liferay supports external user databases (e.g. LDAP) and Single Sign On (SSO) systems. Thus, a good way to support a single log in for many different applications, is to embed an SSO system. Out of the box Liferay supports a lot of them and it's easy to implement support for more.

    One way to solve this is to use an external SSO system for your PHP application as well as for Liferay: In future you'd always sign on to that system and PHP as well as Liferay would need to interface with it.

    Another way, if your PHP system can't do this is to mimic an SSO system with your PHP application - e.g. have your application forward the user identity to Liferay the way any SSO system would do. Typically this can be through cookies if both servers share a domain. Also, you could do some redirects to known URLs (e.g. encrypt the user's identity in a URL) or have a server-side system that identifies the user and sets some HTTP headers for the following appservers (Liferay/PHP)

    How do you do this exactly? Is there anything already available? I fear that this is too complex an answer for this question - especially as I don't know how easy it would be to embed an existing SSO into your PHP application. That's an aspect that is quite important for the choice of strategy.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 oracle集群安装出bug
  • ¥15 关于#python#的问题:自动化测试
  • ¥20 问题请教!vue项目关于Nginx配置nonce安全策略的问题
  • ¥15 教务系统账号被盗号如何追溯设备
  • ¥20 delta降尺度方法,未来数据怎么降尺度
  • ¥15 c# 使用NPOI快速将datatable数据导入excel中指定sheet,要求快速高效
  • ¥15 再不同版本的系统上,TCP传输速度不一致
  • ¥15 高德地图2.0 版本点聚合中Marker的位置无法实时更新,如何解决呢?
  • ¥15 DIFY API Endpoint 问题。
  • ¥20 sub地址DHCP问题