在两个网站之间共享 Session
[英]Share Session Between Two Websites
问题描述
Hi thanks in advance...
嗨提前谢谢...
I am Working on a Project, I need some clarification to share data between two sites in a high secure manner.我正在做一个项目,我需要一些说明才能以高度安全的方式在两个站点之间共享数据。 Currently I am using Form Post to share data.目前我正在使用 Form Post 来共享数据。 But I think about if there is an option to get site-1 session-data from site-2, because I think using a session is more secure.但我考虑是否可以选择从站点 2 获取站点 1 会话数据,因为我认为使用 session 更安全。 I don't know how to use a sessions between two sites, but I hope someone here will know.我不知道如何在两个站点之间使用会话,但我希望这里有人知道。
Like this:像这样:
Site 1 Coding站点 1 编码
$_SESSION['customer_id'] = 'XYZ';
$_SESSION['total_amount'] = '100';
<a href=https://site2.com/do.php?session_id=<?=$_SESSION['session_id']?>>Click Here</a>
Site 2 Code in do.php站点 2 代码在 do.php
$session_id = $_REQUEST['session_id'];
$shared_data = bla_bla_bla_function($session_id);
$customer_id = $shared_data['customer_id'];
$total_amount = $shared_data['total_amount'];
or is there any way to do the secure data sharing between two website other than form post, please tell me.或者有什么方法可以在两个网站之间进行安全数据共享,而不是表单发布,请告诉我。
Thank you谢谢
Yours,你的,
Kaartikeyan R卡蒂克扬 R
Found Solution找到解决方案
I have send the Customer ID and Amount via CURL to the Second Website, in that create a Record in Table for this and generate Encrypted ID with the Record ID, and return the encrypted ID.我已通过 CURL 将客户 ID 和金额发送到第二个网站,为此在表中创建一个记录并使用记录 ID 生成加密 ID,并返回加密 ID。
So in the First website i get the Encrypted ID, and use it on URL redirection to Second website.因此,在第一个网站中,我获得了加密 ID,并将其用于 URL 重定向到第二个网站。
On the Second Website with the Encrypted ID i get the Customer ID and Amount.在具有加密 ID 的第二个网站上,我得到客户 ID 和金额。
2 个解决方案
解决方案1
17 已采纳 2011-07-13 12:54:24
Urk.乌尔克。 First off, never, EVER do this:首先,永远不要这样做:
$session_id = $_REQUEST['session_id'];
This causes a security truck-hole we refer to as 'session fixation' ( read more: http://en.wikipedia.org/wiki/Session_fixation ).这会导致我们称之为“会话固定”的安全卡车漏洞(阅读更多: http://en.wikipedia.org/wiki/Session_fixation )。
It seems you're pretty heavy on security.看来您对安全性非常重视。 If you need to share data from site 1 to site 2, you should do it through a single consumption bridge:如果你需要从站点 1 到站点 2 共享数据,你应该通过一个单一的消费桥来完成:
1). 1)。 Click on a link on Site 1 to a handler file, let's call it redir.php.单击站点 1 上指向处理程序文件的链接,我们将其命名为 redir.php。
2). 2)。 Redir.php first checks the existing session data. Redir.php 首先检查现有的 session 数据。
3). 3)。 Redir.php writes relevant info into a DB row, along with some sort of identifier (say, an MD5 hash of the user ID + '_'+ current time), plus a 'consumed' flag, set false. Redir.php 将相关信息连同某种标识符(例如,用户 ID + '_'+ 当前时间的 MD5 hash)一起写入 DB 行,加上一个 'consumed' 标志,设置为 false。
4). 4)。 Redir.php does a 301 redirect to Site 2, along with the identifier. Redir.php 执行 301 重定向到站点 2,以及标识符。
5). 5)。 Site 2 reads the relevant row out of the DB.站点 2 从数据库中读取相关行。
6). 6)。 If the data is good and has not yet been 'consumed', return a success and mark the data as consumed.如果数据良好且尚未“消费”,则返回成功并将数据标记为已消费。
7). 7)。 If the data has been consumed, throw some sort of error.如果数据已被消耗,则抛出某种错误。
There are more complex ways of doing this, but I think this handles what you're trying to do.有更复杂的方法可以做到这一点,但我认为这可以处理你想要做的事情。
解决方案2
1 2011-07-13 12:54:19
you could use a common session backend for both sites, eg.您可以为两个站点使用通用的 session 后端,例如。 store the session in a database将 session 存储在数据库中
to replace the built-in file backend you can use the function session_set_save_handler要替换内置文件后端,您可以使用 function session_set_save_handler
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.