How PHP implements single sign-on through multi-site shared seeion (code example)

The content of this article is about how PHP realizes single sign-on (code example) through shared seeion. It has certain reference value. Friends in need can refer to it. I hope it will be helpful to you.

I have been free recently, so I summarized and sorted out the single sign-on issues.

The basic principle of single sign-on is: the client shares sessionid, and the server shares session information. By obtaining the same session information on the server side through a common sessionid, the purpose of single sign-on can be achieved (that is, multiple sites share user information, log in at one place, and can be used everywhere).

Single sign-on is divided into two situations:

1. The site is deployed on the same server and uses the same second-level domain name

In this case, it is better solve.

1. First solve the problem of sharing the site's sessionid (existing in the cookie) on the client side. Use the ini_set() function to specify the domain of the cookie, as follows: <span style="font-size: 14px;"></span><span style="font-size: 14px;"></span>##

ini_set('session.cookie_domain', '.xxxx.com');
//设置服务器cookie的域，xxxx为公用二级域名

2. Secondly, solve the site problem Sharing of session information on the server side. Because the sites are on the same server, the generated session files are public and you can directly use the sessionid to obtain the corresponding session information. <span style="font-size: 14px;"></span>

2. The site is deployed on different servers and uses different domain names.

This situation is more complicated because the site uses different domain names on different servers and ini_set cannot be used to set cookies on the client. scope, on the server side each generates its own session file, which cannot be shared, but there is still a solution.

1. First solve the problem of client sessionid synchronization. <span style="font-size: 14px;"></span>

Suppose we have three sites, the domain names are aa.com, bb.com, cc.com. We create a common login portal login.php on aa.com, and all login requests from the three websites jump to this page. The code process is as follows:

    $back = login($name,$pwd);//执行登陆操作,成功就写入session
    //如果登录成功，进行以下操作流程
    if($back){
            $sessionid = session_id();        
            $key = encode($session,$keyword);//生成安全码
        //输出一个登陆成功提示页，并跳转到请求登陆的站点
    }

Add the following code to the successful login html prompt page, and use the iframe tag to request the site that needs to be logged in simultaneously

The set_cookie.php files of the aa.com and cc.com sites are as follows

//解密
$keydecode($key);
//把当前站点的sessionid设置为传递的sessionid
session_id($_GET['sessionid']);
session_start();

2. Solve the problem of server-side sharing of sessions among the three sites. <span style="font-size: 14px;"></span>

As mentioned before, because the three sites are not on the same server, their own session files will be generated. If you want to share these files, you will face a series of cross-domain problems. So we changed our thinking and instead of using files to save session information, we saved the session information in the database. In this way, as long as the session ID of the session information is obtained, any site can access the same session information.

We create a mysql_session.php file to store session information in the database. The code is as follows

$gb_DBname="test";                        //数据库名称 
$gb_DBuser="root";                        //数据库用户名称 
$gb_DBpass="";                            //数据库密码 
$gb_DBHOSTname="127.0.0.1";               //主机的名称或是IP地址 
$SESS_DBH="";                           //数据库对象
session_module_name("User");            //定义session存储按用户定义的方式
$SESS_LIFE=get_cfg_var("session.gc_maxlifetime");//得到session的最大有效期,也可以自定义
function sess_open($save_path,$session_name){ 
    global $gb_DBHOSTname,$gb_DBname,$gb_DBuser,$gb_DBpass,$SESS_DBH; 
    if(!$SESS_DBH=mysql_pconnect($gb_DBHOSTname,$gb_DBuser,$gb_DBpass)){ 
    echo "MySql Error:".mysql_error().""; 
    die(); 
    } 
    if(!mysql_select_db($gb_DBname,$SESS_DBH)){ 
    echo "MySql Error:".mysql_error().""; 
    die(); 
    } 
    return true; 
} 
function sess_close(){ return true; 
} 
function sess_read($key){ 
    global $SESS_DBH,$SESS_LIFE; 
    $qry="select value from db_session where sesskey = '$key' and expiry > ".time(); 
    $qid=mysql_query($qry,$SESS_DBH); 
    if(list($value)=mysql_fetch_row($qid)){ 
    return $value; 
    } 
    return false; 
}
//写入session信息。保存session信息的数据表名为：db_session
//除了主键自增id，需要的字段如下
//sesskey   sessionid
//values    session值
//expiry    session的到期日期
function sess_write($key,$val){ 
    global $SESS_DBH,$SESS_LIFE; 
    $expiry=time()+$SESS_LIFE; 
    $value=$val; 
    $qry="insert into db_session values('$key',$expiry,'$value')"; 
    $qid=mysql_query($qry,$SESS_DBH); 
    if(!$qid){ 
    $qry="update db_session set expiry=$expiry, value='$value' where sesskey='$key' and expiry >".time(); 
    $qid=mysql_query($qry,$SESS_DBH); 
    } 
    return $qid; 
} 
function sess_destroy($key){ 
    global $SESS_DBH; 
    $qry="delete from db_session where sesskey = '$key'"; 
    $qid=mysql_query($qry,$SESS_DBH); 
    return $qid; 
} 
function sess_gc($maxlifetime){ 
    global $SESS_DBH; 
    $qry="delete from db_session where expiry < ".time(); 
    $qid=mysql_query($qry,$SESS_DBH); 
    return mysql_affected_rows($SESS_DBH); 
} 

session_set_save_handler("sess_open","sess_close","sess_read","sess_write","sess_destroy","sess_gc");

Afterwards, in the page where session needs to be used, introduce the file before session_start(), others Just use seesion as usual. You will find that the session you assigned has been stored in the database.

Related recommendations:

thinkphp Second-level domain name site session sharing (single sign-on)

php realizes web system single Click to log in

The above is the detailed content of How PHP implements single sign-on through multi-site shared seeion (code example). For more information, please follow other related articles on the PHP Chinese website!