Home > Backend Development > PHP Tutorial > Session control for single sign-on in PHP

Session control for single sign-on in PHP

不言
Release: 2023-04-02 22:52:01
Original
1285 people have browsed it

This article mainly introduces the session control of single sign-on in PHP. It has certain reference value. Now I share it with you. Friends in need can refer to it

1. Simply use session
Before using session, you need to open session with session_start()
Write a Demo to implement it

Create a new session.php

<?php
    session_start();	//使用时必须开启,如果你在php.ini里头修改了配置那么就无需在开启session了
    $_SESSION[&#39;username&#39;] = &#39;admin&#39;;	//存储session信息为键为username值为admin的一对数据
?>
Copy after login

Create a new getsession.php and let’s do it Get the value

<?php
	session_start();	//使用时必须开启,如果你在php.ini里头修改了配置那么就无需在开启session了
	echo $_SESSION[&#39;username&#39;];	//取出在session里存的username的值
?>
Copy after login

The values ​​obtained by different browsers are different because their sessionids are different. For example:
I use Google browser to access session.php and then generate If a session is created, then I can get the value when I access getsession.php using the same browser. When I access session.php again using the Firefox browser, a session is regenerated, and I can get the value when I access getsession.php again. to the value, but you will find that the value is not the same, because the two browsers have different sessionIDs. If you take the sessionID of Firefox and modify the sessionID of Google, then you will find that they are two The values ​​are the same, because the session value only recognizes sessionID.

Children's shoes can try to operate it to see if it looks like this.

2. Cross-domain
If we configure our own virtual host on our own Apache/nginx server.
Mine is an Apache server, and nginx also modifies the configuration file----vhost.conf.

<VirtualHost *:80>
    DocumentRoot "H:\myphp_www\PHPTutorial\WWW\sessoin"
    ServerName www.test.com
    ServerAlias 
  <Directory "H:\myphp_www\PHPTutorial\WWW\sessoin">
      Options FollowSymLinks ExecCGI
      AllowOverride All
      Order allow,deny
      Allow from all
     Require all granted
  </Directory>
</VirtualHost>
Copy after login

A virtual host with a virtual domain name of www.test.com has been set up. Remember to restart Apache/nginx, otherwise the configuration will not take effect.

What we have to do now is to keep the session IDs under the two domain names consistent, for example: www.test.com and localhost, provided that they are under one server.
Let’s write a Demo to implement it (not considering security and performance first)

To create a user.php, we need to pass the sessionID under the current localhost to www.test.com

<?php
	session_start();	//一定要先开启session
	$sid = session_id();		//获取到当前的sessionID
?>
<a href="http://www.test.com/getsession.php?sid= <?php echo $sid;?> ">跳转</a>
Copy after login

If you jump directly on the page, there will be an error, because we only transmitted it and gotsession.php did not receive it, so we need to modify the getsession.php file

<?php
	if (isset($_GET[&#39;sid&#39;])){
		//setcookie(&#39;名字&#39;,&#39;值&#39;,&#39;有效期&#39;,&#39;域名&#39;);
		$sid = $_GET[&#39;sid&#39;];
		//setcookie(&#39;PHPSESSID&#39; , $sid);	//设置sessionID
		//或者我们还可以用另一种方式
		session_id($sid);	//开启session之前 指定一个sessionid
	}
	session_start();
	echo $_SESSION[&#39;username&#39;];
?>
Copy after login

so that we can change it according to the sessionID The consistency solves the cross-domain problem between the two domain names

3. Implement single sign-on----meaning that after logging in under localhost, you can log in simultaneously under www.test.com---- -Cross-domain request
Cross-domain requests cannot be implemented using ajax. Jsonp needs to be used for cross-domain
Create a local file in the same directory of the session folder to better distinguish the two domains
What we want to achieve now is to allow localhost and www.test.com to communicate with each other -----The premise is that it is on a server

Create an api.php under the session

<?php
	
?>
Copy after login

Create an index.html under local

<script src="www.test.com/api.php"></script>  <!-- JS代码在浏览器端执行 -->
Copy after login

When accessing index.html under local, it will initiate two requests because the js code inside requests www.test.com/api .php

Modify the getsession.php file under session to the following content:

<?php
	session_start();
	if(isset($_SESSION[&#39;uid&#39;])){
		echo "用户已登录,id是".$_SESSION[&#39;uid&#39;];
	} else {
		echo "没有登录";	
	}
?>
Copy after login

Copy a copy of getsession.php under session to local

In local Create a login.php file

<?php
	session_start();
	$_SESSION[&#39;uid&#39;] = 18;	//存储session数据键为uid值为18的一对数据
?>
Copy after login

When we access login.php and then access the getsession.php file in the current directory, the result is: the user is logged in and the id is 18.

Then What we have to do now is to quietly let www.test.com log in when accessing login.php under localhost to log in.

Modify the login.php file under localhost to the following code:

<?php
	session_start();
	$_SESSION[&#39;uid&#39;] = 18;	//存储session数据键为uid值为18的一对数据
	$uid = $_SESSION[&#39;uid&#39;];
?>
<script src="www.test.com/api.php?uid=<?php echo $uid;?>" ></script>
Copy after login

Visit localhost/local/login.php for synchronous login, and then access localhost/local/getsession.php to already be logged in

Now visit www.test.com/getsession directly The .php file will not change in any way because we have not received the session, so we need to modify the api.php file under the session to the following code:

<?php
	session_start();
	$uid = $_GET[&#39;uid&#39;];
	
	$_SESSION[&#39;uid&#39;] = $uid;
?>
Copy after login

In this case, visit www.test.com/getsession. When using php, it will also prompt that you have logged in
In this way, we use Jsonp to implement cross-domain requests. When logging into one website, another website can log in simultaneously

The above is the entire article Content, I hope it will be helpful to everyone’s learning. For more related content, please pay attention to the PHP Chinese website!

Related recommendations:

Introduction to information encryption technology in PHP

How to solve the problem of PHP leaving behind after the foreach loop Array reference problem

How to solve the problem that the mui-silder plug-in in vue mui is invalid and cannot be dragged

The above is the detailed content of Session control for single sign-on in PHP. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template