doutan6286 2014-08-24 08:19 采纳率: 100%
浏览 1229
已采纳

在iFrame中自动登录

I have a website that I'm working on, It's something like a car sharing system, user-based. In some pages I'm using a iframe in the middle of the page to link to another website which is not in PHP (Liferay actually), so I found out it was the easiest way to include it. The problem is, everytime a user logs in, it doesn't auto login inside the iFrame as well. It's then necessary to do a second authentication which is a bit frustrating.

Here is the example pic:

https://www.diigo.com/item/image/4sr25/9ct1?size=o

As you can see, I'm logged in (check upper right corner), but the iframe still shows an authentication box instead of what's supposed to.

I thought about using javascript to auto login inside the iFrame, but I'm not sure what's the most secure way to do it, since we're talking about critical data.

Any idea?

Thank you in advance!

  • 写回答

2条回答 默认 最新

  • dt2002 2014-08-24 17:27
    关注

    Liferay supports external user databases (e.g. LDAP) and Single Sign On (SSO) systems. Thus, a good way to support a single log in for many different applications, is to embed an SSO system. Out of the box Liferay supports a lot of them and it's easy to implement support for more.

    One way to solve this is to use an external SSO system for your PHP application as well as for Liferay: In future you'd always sign on to that system and PHP as well as Liferay would need to interface with it.

    Another way, if your PHP system can't do this is to mimic an SSO system with your PHP application - e.g. have your application forward the user identity to Liferay the way any SSO system would do. Typically this can be through cookies if both servers share a domain. Also, you could do some redirects to known URLs (e.g. encrypt the user's identity in a URL) or have a server-side system that identifies the user and sets some HTTP headers for the following appservers (Liferay/PHP)

    How do you do this exactly? Is there anything already available? I fear that this is too complex an answer for this question - especially as I don't know how easy it would be to embed an existing SSO into your PHP application. That's an aspect that is quite important for the choice of strategy.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用
  • ¥100 vc++混合CEF采用CLR方式编译报错
  • ¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误,如何解决?
  • ¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
  • ¥15 c#逐行读取txt文本,但是每一行里面数据之间空格数量不同
  • ¥50 如何openEuler 22.03上安装配置drbd
  • ¥20 ING91680C BLE5.3 芯片怎么实现串口收发数据
  • ¥15 无线连接树莓派,无法执行update,如何解决?(相关搜索:软件下载)
  • ¥15 Windows11, backspace, enter, space键失灵