
Sharing session across multiple domains on same server in PHP

I need to implement a solution for one of my projects, where I have multiple domains + multiple sub-domains and they all need to share the same session. All domains and sub-domains would be pointed to the single application which is connected to the single database.

This means a user logged in from any of the domains will be able to visit secure pages on the other domains of the application. The user may change domain by following a link or by opening a new tab in the browser.

I have gone through some articles and found the solutions mentioned below:

  1. Session in Database - What if another user from the same network with the same user agent hits?

  2. iFrame message passing - I heard somewhere that an iFrame renders on document load, and then checking the session after showing some page content will annoy the user.

  3. CURL request with CURLOPT_COOKIEFILE & CURLOPT_COOKIEJAR - I have played with this and it is working fine, but I don't know if it is secure and not a performance killer.

  4. Single Sign On (SSO) - I need some R&D to implement this and it would be the last option.

Please suggest what to do.

Just to verify I am not wrong, you need to share user session across all your applications.

As rightly said above, you may use the 4 options above. However, I would like to focus on the first option, which is putting sessions in the DB, and would like to suggest another option: keeping sessions in a shared directory or server.

  1. Sessions in DB - The answer to your question (What if other user from same network with same user agent hits?) is that you will have a different session ID value to uniquely identify each row in the table. So, no need to worry about it. But the disadvantage is that a DB connection would be required and a query would be fired each time a session is initialized, i.e. for every single page.

  2. Sessions in shared directory/server - Configure all your applications in such a manner that all applications store sessions at a shared location. The shared location can either be a directory or a secured server. This can easily be achieved by using session_set_save_handler.
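The shared-directory option from the answer above, sketched as an added example (not code from the original post): a handler registered with `session_set_save_handler` that keeps session files in one directory, validates the session ID before it touches the filesystem, and supports `session.use_strict_mode`. The class name and the directory path are assumptions. It covers the storage side only; the browser still has to present the same session ID on each domain.

```php
<?php
declare(strict_types=1);
// Added example. The directory below is an assumed path; keep it outside every web root.
final class SharedDirSessionHandler implements
    SessionHandlerInterface, SessionUpdateTimestampHandlerInterface
{
    public function __construct(private string $dir) {}
    // Only IDs in PHP's session ID alphabet map to a file, so a crafted cookie
    // value can never be turned into a path outside the store.
    private function path(string $id): ?string
    {
        $ok = preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $id) === 1;
        return $ok ? $this->dir . '/sess_' . $id : null;
    }
    // Fail closed if the shared directory has not been provisioned.
    public function open(string $path, string $name): bool { return is_dir($this->dir); }
    public function close(): bool { return true; }
    public function read(string $id): string|false
    {
        $file = (string) $this->path($id);
        return is_file($file) ? (string) file_get_contents($file) : '';
    }
    public function write(string $id, string $data): bool
    {
        if (($file = $this->path($id)) === null) { return false; }
        // Owner-only file; the directory itself should be mode 0700.
        return file_put_contents($file, $data, LOCK_EX) !== false && chmod($file, 0600);
    }
    public function destroy(string $id): bool
    {
        $file = (string) $this->path($id);
        return !is_file($file) || unlink($file);
    }
    public function gc(int $max_lifetime): int|false
    {
        $cutoff = time() - $max_lifetime;
        $stale = array_filter(glob($this->dir . '/sess_*') ?: [], fn ($f) => filemtime($f) < $cutoff);
        return count(array_filter($stale, 'unlink'));
    }
    // Used by session.use_strict_mode: reject IDs this store never issued.
    public function validateId(string $id): bool { return is_file((string) $this->path($id)); }
    // Rewriting the data refreshes the file's mtime, which gc() relies on.
    public function updateTimestamp(string $id, string $data): bool { return $this->write($id, $data); }
}

ini_set('session.use_strict_mode', '1');
session_set_save_handler(new SharedDirSessionHandler('/var/lib/php/shared-sessions'), true);
session_start();
```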
