There are two websites, a.com and b.com. After logging in to a.com, you are automatically logged in to b.com, and vice versa. In short, the login and logout status of the two websites remains synchronized.
In addition to a.com and b.com, there are countless other websites, likewise with different domain names, that need to synchronize their login status.
For example, with the Duoshuo comment system, after logging in once you are logged in on other websites that use Duoshuo without having to log in again. How is this done?
SSO (single sign-on)
The situation you mentioned can be solved by the above solution. There are many ways to implement this solution. You can check it out.
I will also give you a simple example:
When you log in to a website:
1) It obtains your username and password and sends them to the backend
2) After passing the verification, an encrypted authentication character oauth will be generated by the backend
3) Then it sends a message to the front end saying that you have successfully logged in, and then uses the backend script to insert the relevant authentication information into a series of specified domain names.
In this way, although you are only logged in under one domain name, your authentication information will also be available under other domain names. Of course, the above is just one implementation plan; there are other implementation methods that are quite different from this.
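All browser state saving methods are saved by domain. Taking cookies as an example, assume you want to use b.com's authorized login on a.com. When you log in, oauth is called, so in fact you are redirected to b.com to log in, and your browser then saves the b.com login state. Then, when you log in on c.com, your browser has already saved the b.com login state, so naturally you can be logged in automatically. Of course, a.com and c.com cannot obtain b.com's state in the browser. Let me give you a few keywords: single sign-on, document.cookie domain (of course there are other methods).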
There is a resource below, you can check it out, https://m.toutiao.com/group/6...
Simple understanding: All websites query a login-only server
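The flow described in the answers above, sketched as an added example that is not code from any of the posters: a.com and c.com both defer to one login-only server (b.com, as in the second answer), and the browser keeps a separate cookie jar per domain. The class names, the `ALLOWED_SITES` allowlist and the one-time, site-bound ticket redeemed over a back channel are assumptions of this sketch, one common way to hand the login result to a site that cannot read b.com's cookie.

```python
import secrets

# Constructed setup: b.com is the login-only server; a.com and c.com rely on it.
SSO = "b.com"
ALLOWED_SITES = {"a.com", "c.com"}  # only registered sites may request tickets

class Browser:
    """Cookie jar keyed by domain: each site only ever sees its own cookies."""
    def __init__(self):
        self.jar = {}
    def cookies_for(self, domain):
        return self.jar.setdefault(domain, {})

class LoginServer:
    def __init__(self, users):  # demo store; real servers keep salted password hashes
        self.users, self.sessions, self.tickets = users, {}, {}
    def authorize(self, browser, site, credentials=None):
        """Redirect target on b.com: returns a one-time ticket for `site`, or None."""
        if site not in ALLOWED_SITES:
            return None  # never hand tickets to unregistered sites
        cookies = browser.cookies_for(SSO)
        user = self.sessions.get(cookies.get("sid"))
        if user is None and credentials and self.users.get(credentials[0]) == credentials[1]:
            user = credentials[0]
            cookies["sid"] = secrets.token_urlsafe(32)  # b.com session cookie
            self.sessions[cookies["sid"]] = user
        if user is None:
            return None  # no b.com session and no valid password
        ticket = secrets.token_urlsafe(32)
        self.tickets[ticket] = (site, user)
        return ticket
    def redeem(self, ticket, site):
        """Back-channel call from a site: tickets are single-use and site-bound."""
        bound_site, user = self.tickets.pop(ticket, (None, None))
        return user if bound_site == site else None

class Site:
    def __init__(self, domain, sso):
        self.domain, self.sso, self.sessions = domain, sso, {}
    def visit(self, browser, credentials=None):
        cookies = browser.cookies_for(self.domain)
        if cookies.get("sid") in self.sessions:
            return self.sessions[cookies["sid"]]  # already logged in locally
        ticket = self.sso.authorize(browser, self.domain, credentials)
        user = self.sso.redeem(ticket, self.domain) if ticket else None
        if user:
            cookies["sid"] = secrets.token_urlsafe(32)  # the site's own cookie
            self.sessions[cookies["sid"]] = user
        return user
```

Logout is not modelled here; keeping it synchronized needs the login server to notify each site or each site to re-check its session against the server.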