I talked about session-related configuration earlier. During development, the login module often needs to share sessions across domains. I believe many developers have run into this: you log in in one place, and the associated websites are logged in as well. There are two situations: one is between 9streets.cn and a.9streets.cn, and the other is between a.com and b.com. I have summarized the handling methods over the past few days.
Whether it is a main domain and its subdomain, or entirely different domain names, two points must be achieved:
The client presents the same sessionId to every site.
The session data read by the servers behind all of the domain names is stored in the same location.
1. Sharing the sessionId is mainly done by writing the current sessionId into a cookie.
A cookie cannot be read under a different domain name, so the backend has to set it when the user logs in, specifying the domain that should share the login information. If the sites are a main domain and its subdomains, set the cookie directly on the main domain, for example:
    setcookie("session_id", session_id(), time() + 3600 * 24 * 365 * 10, "/", ".a.com");
You may ask: what if the sites are under different domain names? A simple solution uses P3P. The principle is that when the user visits x.com, a program file on y.com is triggered and writes the sessionid value into a cookie for y.com. Once y.com can obtain the same sessionid value, the session data is stored in the database and both sites look it up with that value. This requires that the program file on y.com be accessible across domains. By default, browsers do not set cookies across domains, so you must add the P3P header. Add to the corresponding PHP file:
    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
The P3P header was honored by Internet Explorer; current browsers ignore it, so this approach does not work in them.
2. Keeping the session data storage location consistent
By default, session data is stored in the server's tmp directory, as files rather than in the server's memory. Here we have to change this so that the data is accessible from all of the domains. Database storage, file storage, and memory storage are all described online. If a database is used to store session data and the website has a large number of visits, session reads and writes will hit the database frequently and efficiency will drop significantly; in that case you can consider an in-memory server instead. The following session.rar gives an example of storing sessions in a database.
To deal with this problem under Yii2, the configuration that worked, following tutorials found on the Internet, is as follows:
Configure in main.php in the frontend's config folder:
    // Derive the base domain from the request host: drop any ":port" suffix
    // and keep the last two labels (www.a.com and x.y.a.com both give a.com).
    $host = explode('.', explode(':', $_SERVER["HTTP_HOST"])[0]);
    define('DOMAIN', implode('.', array_slice($host, -2)));
    // Host names of the individual sites under that base domain.
    define('DOMAIN_HOME', 'www.' . DOMAIN);
    define('DOMAIN_USER_CENTER', 'man.' . DOMAIN);
    define('DOMAIN_API', 'api.' . DOMAIN);
    define('DOMAIN_EMAIL', 'mail.' . DOMAIN);
    define('DOMAIN_LOGIN', 'login.' . DOMAIN);
    define('DOMAIN_IMG', 'img.' . DOMAIN);
Then configure User and Session:
    'user' => [
        'enableAutoLogin' => true,
        'identityCookie' => ['name' => '_identity', 'httpOnly' => true, 'domain' => '.' . DOMAIN],
    ],
    'session' => [
        'cookieParams' => ['domain' => '.' . DOMAIN, 'lifetime' => 0],
        'timeout' => 3600,
    ],
Here I wrote the domain directly into the user and session configuration items, for example 'domain' => '.baidu.com', so there is no need to work it out from the host.
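The configuration above takes the cookie domain from the Host request header, which the client controls. As an added example (not from the original article or the Yii2 project), the helper below accepts only hosts under an allowlist of base domains and sets the httponly and secure flags on both cookies; ALLOWED_BASE_DOMAINS, resolveCookieDomain(), sharedCookieComponents() and the example.com / example.cn names are assumptions, as is HTTPS on every subdomain.

```php
<?php
// Added example. Hypothetical names: ALLOWED_BASE_DOMAINS, resolveCookieDomain(),
// sharedCookieComponents(). example.com / example.cn are placeholders.
const ALLOWED_BASE_DOMAINS = ['example.com', 'example.cn'];

// Map a client-supplied Host header to ".base-domain", or null if not allowed.
function resolveCookieDomain(string $hostHeader): ?string
{
    $host = preg_replace('/:\d+$/', '', strtolower(trim($hostHeader))); // drop ":port"
    if (!preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/', $host)) {
        return null; // not a plain DNS name
    }
    foreach (ALLOWED_BASE_DOMAINS as $base) {
        // Exact match or a true subdomain; "evil-example.com" must not match.
        if ($host === $base || substr($host, -strlen(".$base")) === ".$base") {
            return '.' . $base;
        }
    }
    return null;
}

// 'user' and 'session' entries for the components array in main.php.
function sharedCookieComponents(string $cookieDomain): array
{
    return [
        'user' => [
            'enableAutoLogin' => true,
            'identityCookie' => ['name' => '_identity', 'httpOnly' => true,
                'secure' => true, 'domain' => $cookieDomain], // assumes HTTPS everywhere
        ],
        'session' => [
            'cookieParams' => ['domain' => $cookieDomain, 'lifetime' => 0,
                'httponly' => true, 'secure' => true],
            'timeout' => 3600,
        ],
    ];
}

// Constructed sample Host values, to show which ones are accepted.
foreach (['www.example.com', 'man.example.com:8080', 'a.b.example.cn',
          'evil-example.com', 'example.com.attacker.test', ''] as $h) {
    printf("%-28s => %s\n", var_export($h, true), var_export(resolveCookieDomain($h), true));
}
```

When resolveCookieDomain() returns null, reject the request instead of falling back to the header value, so an unexpected Host never ends up in a cookie's domain attribute.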