php method to implement SSO login: 1. The user enters the login page to generate a custom SID and writes it to redis and cookie; 2. In the constructor of the business BaseController, write an operation to update redis; 3. js Construct a jump event, and then the server checks the user's redis based on the SID.
#The operating environment of this article: Windows 7 system, PHP version 7.1, Dell G3 computer.
How to implement SSO login in php?
SSO single sign-on design and PHP implementation
It is recommended to be familiar with single sign-on SSO related concepts first.
1. SSO: single sign-on, one login, all related systems can be entered, no need to log in repeatedly
2. Implementation plan: share [top-level domain name] cookie S [ID] [Cross-domain SID]
3. Abandon PHP session and store user information in redis
4. Every time the user operates legally, in the business BaseController Constructor, write an operation to update redis, and update the expireTime of the user login state stored in redis -- the purpose is to simulate session expiration
5. Specific SSO implementation of single sign-on: (PHPsessionId is deprecated ) -- The authenticated user login api is placed on the sso server, and other login pages call this interface.
1) SSO single sign-on authentication: The user enters the login page to generate a custom SID, writes it to redis and cookies; submits the account password, adjusts the SSO authentication api to pass, SSO needs to bind the user to the SID in the cookie. (LoginAction/ssologin/line 321: inside api::get)
The local server generates tokens (both are custom fields and rules) and stores them in redis. The validity period is recommended to be 30 minutes.
2) In the constructor of the business BaseController, write an operation to update redis. When the business comes, update the corresponding SID and token validity period (that is, if there is no operation for 30 minutes, the login state expires), -- the purpose is to simulate session expiration
3) The domain name where the SID is stored in the cookie must be a top-level domain name such as [.example.com], and the cookie validity period is recommended to be one month;
4) The user directly clicks on other subdomains from the domain name page just logged in< a link>, a link does not need to carry a clear text SID or token, because the cookie will bring the SID itself. Based on the SID in the cookie, the server goes to the SSO authentication interface to see whether the redis data corresponding to the SID is valid;
6. Cross-domain login. For example, I want to log in to a domain name that is not [.example.com], such as: erji.mogo.com, but I use the same SSO authentication system. What should I do?
We are still on the domain name webpage we just logged in. JS constructs a jump event. The jump url?&SID=xxx is enough. We can use jQuery.cookie.js to get the SID from the cookie, and then the server can do the same. Check whether the user's redis data is expired based on the SID.
Recommended study: "PHP Video Tutorial"
The above is the detailed content of How to implement SSO login in php. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
