Implementing Single Sign On in PHP
Can anyone point out what the obvious flaws with this approach would be, as I am sure there will be some...
I don't get why you use file_get_content(); instead of include/require.
Why do you need to get the content of "session.php" at all? Couldn't you simply use $_SESSION['myVar']; to get the session infos you need?
to pass data serialize object (from session class)?
or alternatively serialize array containing what you need.
to transfer the data and keep them accurate
memcached (which might get updated by any site, i.e. expired session, logout)
[no]SQL server (can be ReadOnly for services using SSO)
text file on 'secure box' (assuming it doesn't contain any sensitive data)
btw: SSO system purpose is to only validate the user credentials. No groups etc.
usually either returns redirect or username (using https check)...
make sure you use SSL trust between them to verify if the service is allowed to use SSO, or for service if someone is faking the 'secure box'.