doutan6286 2014-08-24 08:19 采纳率: 100%
浏览 1228
已采纳

在iFrame中自动登录

I have a website that I'm working on, It's something like a car sharing system, user-based. In some pages I'm using a iframe in the middle of the page to link to another website which is not in PHP (Liferay actually), so I found out it was the easiest way to include it. The problem is, everytime a user logs in, it doesn't auto login inside the iFrame as well. It's then necessary to do a second authentication which is a bit frustrating.

Here is the example pic:

https://www.diigo.com/item/image/4sr25/9ct1?size=o

As you can see, I'm logged in (check upper right corner), but the iframe still shows an authentication box instead of what's supposed to.

I thought about using javascript to auto login inside the iFrame, but I'm not sure what's the most secure way to do it, since we're talking about critical data.

Any idea?

Thank you in advance!

  • 写回答

2条回答 默认 最新

  • dt2002 2014-08-24 17:27
    关注

    Liferay supports external user databases (e.g. LDAP) and Single Sign On (SSO) systems. Thus, a good way to support a single log in for many different applications, is to embed an SSO system. Out of the box Liferay supports a lot of them and it's easy to implement support for more.

    One way to solve this is to use an external SSO system for your PHP application as well as for Liferay: In future you'd always sign on to that system and PHP as well as Liferay would need to interface with it.

    Another way, if your PHP system can't do this is to mimic an SSO system with your PHP application - e.g. have your application forward the user identity to Liferay the way any SSO system would do. Typically this can be through cookies if both servers share a domain. Also, you could do some redirects to known URLs (e.g. encrypt the user's identity in a URL) or have a server-side system that identifies the user and sets some HTTP headers for the following appservers (Liferay/PHP)

    How do you do this exactly? Is there anything already available? I fear that this is too complex an answer for this question - especially as I don't know how easy it would be to embed an existing SSO into your PHP application. That's an aspect that is quite important for the choice of strategy.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 机器学习能否像多层线性模型一样处理嵌套数据
  • ¥20 西门子S7-Graph,S7-300,梯形图
  • ¥50 用易语言http 访问不了网页
  • ¥50 safari浏览器fetch提交数据后数据丢失问题
  • ¥15 matlab不知道怎么改,求解答!!
  • ¥15 永磁直线电机的电流环pi调不出来
  • ¥15 用stata实现聚类的代码
  • ¥15 请问paddlehub能支持移动端开发吗?在Android studio上该如何部署?
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效