Sharing sessions across multiple domains on the same server in PHP

Problem description:

I need to implement a solution for one of my projects, where I have multiple domains + multiple sub-domains and they all need to share the same session. All domains and sub-domains would point to a single application which is connected to a single database.

Meaning that if a user logs in from any of the domains, they will be able to visit the secure pages of the application's other domains. The user may change domain by following a link or by opening a new tab in the browser.

I have gone through some articles and found the solutions mentioned below:

  1. Session in database - What if another user from the same network with the same user agent hits?

  2. iFrame message passing - I heard somewhere that the iFrame renders on document load, and checking the session after some page content has already been shown will annoy the user.

  3. cURL request with CURLOPT_COOKIEFILE & CURLOPT_COOKIEJAR - I have played with this and it is working fine, but I don't know whether it is secure and not a performance killer.

  4. Single Sign-On (SSO) - I would need some R&D to implement this, and it would be the last option.

Please suggest what to do.

Just to verify I am not wrong: you need to share the user session across all your applications.

As rightly said above, you may use any of the 4 options above. However, I would like to focus on the first option, which is putting the session in the DB, and would like to suggest another option: keeping sessions in a shared directory or on a shared server.

  1. Sessions in DB - The answer to your question (what if another user from the same network with the same user agent hits?) is that you will have a different session id value to uniquely identify each row in the table. So, no need to worry about it. But the disadvantage is that each time a session is initialized, i.e. for every single page, a DB connection would be required and a query would be fired.

  2. Sessions in shared directory/server - Configure all your applications in such a manner that they all store sessions at a shared location. The shared location can be either a directory or a secured server. This can easily be achieved by using session_set_save_handler.
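The shared-directory handler the answer describes, as an added example written for this page (not the answerer's code): it implements the interfaces session_set_save_handler accepts, only turns ids matching PHP's own id format into file names, and enables strict mode so that ids the server never issued are rejected. The class name and the directory path are assumptions.

```php
<?php
// Added example, not from the original post: a save handler that keeps session
// files in one directory shared by every application (e.g. an NFS mount). PHP 8.
final class SharedDirSessionHandler implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface
{
    public function __construct(private string $dir) {}
    // Only ids shaped like PHP's own become file names, so a crafted id such
    // as "../../etc/passwd" can never escape the shared directory.
    private function path(string $id): ?string
    {
        return preg_match('/\A[a-zA-Z0-9,-]{22,256}\z/', $id) ? "$this->dir/sess_$id" : null;
    }
    public function open(string $path, string $name): bool
    {
        return is_dir($this->dir) && is_writable($this->dir);
    }
    public function close(): bool { return true; }
    public function read(string $id): string|false
    {
        $f = $this->path($id);   // unknown or malformed id: empty session
        return ($f !== null && is_file($f)) ? (string) file_get_contents($f) : '';
    }
    public function write(string $id, string $data): bool
    {
        $f = $this->path($id);   // 0600: readable by the web-server user only
        return $f !== null && file_put_contents($f, $data, LOCK_EX) !== false && chmod($f, 0600);
    }
    public function destroy(string $id): bool
    {
        $f = $this->path($id);
        return $f === null || !is_file($f) || unlink($f);
    }
    public function gc(int $max_lifetime): int|false
    {
        $n = 0;
        foreach (glob("$this->dir/sess_*") ?: [] as $f) {
            if (filemtime($f) + $max_lifetime < time() && unlink($f)) $n++;
        }
        return $n;
    }
    // With session.use_strict_mode on, PHP asks the handler whether it issued
    // the id; an id the server never created is discarded and a new one issued.
    public function validateId(string $id): bool { $f = $this->path($id); return $f !== null && is_file($f); }
    public function updateTimestamp(string $id, string $data): bool { $f = $this->path($id); return $f !== null && touch($f); }
}

// Every application registers the same handler; the directory is a placeholder.
ini_set('session.use_strict_mode', '1');
session_set_save_handler(new SharedDirSessionHandler('/var/lib/php/shared-sessions'), true);
session_start();
```

Shared storage only makes the session data reachable from every application; each browser still needs the same session cookie presented to each host, which is what the iFrame and SSO options in the question address.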