doutan6286 2014-08-24 08:19 采纳率: 100%
浏览 1229
已采纳

在iFrame中自动登录

I have a website that I'm working on, It's something like a car sharing system, user-based. In some pages I'm using a iframe in the middle of the page to link to another website which is not in PHP (Liferay actually), so I found out it was the easiest way to include it. The problem is, everytime a user logs in, it doesn't auto login inside the iFrame as well. It's then necessary to do a second authentication which is a bit frustrating.

Here is the example pic:

https://www.diigo.com/item/image/4sr25/9ct1?size=o

As you can see, I'm logged in (check upper right corner), but the iframe still shows an authentication box instead of what's supposed to.

I thought about using javascript to auto login inside the iFrame, but I'm not sure what's the most secure way to do it, since we're talking about critical data.

Any idea?

Thank you in advance!

  • 写回答

2条回答 默认 最新

  • dt2002 2014-08-24 17:27
    关注

    Liferay supports external user databases (e.g. LDAP) and Single Sign On (SSO) systems. Thus, a good way to support a single log in for many different applications, is to embed an SSO system. Out of the box Liferay supports a lot of them and it's easy to implement support for more.

    One way to solve this is to use an external SSO system for your PHP application as well as for Liferay: In future you'd always sign on to that system and PHP as well as Liferay would need to interface with it.

    Another way, if your PHP system can't do this is to mimic an SSO system with your PHP application - e.g. have your application forward the user identity to Liferay the way any SSO system would do. Typically this can be through cookies if both servers share a domain. Also, you could do some redirects to known URLs (e.g. encrypt the user's identity in a URL) or have a server-side system that identifies the user and sets some HTTP headers for the following appservers (Liferay/PHP)

    How do you do this exactly? Is there anything already available? I fear that this is too complex an answer for this question - especially as I don't know how easy it would be to embed an existing SSO into your PHP application. That's an aspect that is quite important for the choice of strategy.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 C++ 如何判断设置快捷键来实现隐藏/显示窗口
  • ¥15 关于#材料工程#的问题:有没有具有电子阻挡层和空穴阻挡层的电池仿真silvaco代码例子或者其他器件具有阻挡层例子的silvaco代码(最好还有相关文献)
  • ¥60 基于MATLAB的TAOD算法
  • ¥15 Groimp使用疑问
  • ¥15 MDK–ARM里一直找不到调试器
  • ¥15 oracle中sql查询问题
  • ¥15 vue使用gojs3.0版本,在nodeDataArray中的iconSrc使用gif本地路径,展示出来后动画是静态的,不是动态的
  • ¥100 代写个MATLAB代码,有偿
  • ¥15 ansys electronics 2021 R1安装报错,错误代码2,如图
  • ¥15 Dev-c++打字不出现中文,但出现日文