如何针对跨域的PHP会话ID验证Socket.IO
[英]How to authenticate Socket.IO against PHP session id across domains
问题描述
I have a node/Socket.IO setup on node.mydomain.com, and a Apache/PHP stack on www.mydomain.com. 
我在node.mydomain.com上有一个node / Socket.IO设置,在www.mydomain.com上有一个Apache / PHP堆栈。
Presently I'm doing authentication with something like this: 目前我正在使用以下内容进行身份验证:
- Client : on connect, send a custom
authorizationevent that includes PHPSESSID to the server客户端 :在连接时,将包含PHPSESSID的自定义authorization事件发送到服务器 - Server : on
authorization, make a call toapi.phpusing this cookie to get user information, send client this identity information服务器 :在authorization,使用此cookie调用api.php获取用户信息,向客户端发送此身份信息 - Client : can now perform actions using this identity 客户端 :现在可以使用此标识执行操作
This is a bit kludgy since Socket.IO has a place for authentication ( On this wiki ) which I would like to use. 这是有点kludgy,因为Socket.IO有一个认证的地方( 在这个维基上 )我想使用。 The problem is that I don't know how to send the PHPSESSID cookie information from the client to the server. 问题是我不知道如何将PHPSESSID cookie信息从客户端发送到服务器。 They're on different domains, so the browser doesn't include them in the request. 它们位于不同的域中,因此浏览器不会将它们包含在请求中。
Any ideas? 有任何想法吗?
1 个解决方案
解决方案1
1 2012-04-21 19:59:19
I would recommend switching session handling and use Redis instead, which is also faster than the default file based session handling. 我建议切换会话处理并使用Redis,这也比基于默认文件的会话处理更快。
First install the Redis server . 首先安装Redis服务器 。 After that you add the phpredis extension to PHP by first compiling it and then configuring your php.ini to use it. 之后,通过首先编译它然后配置php.ini来使用它,将phpredis扩展添加到PHP。
extension=redis.so
session.save_handler = redis
session.save_path = "tcp://localhost:6379/"
From Node.js you can then read these sessions using the node_redis module. 然后,您可以使用node_redis模块从Node.js读取这些会话。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.