简体繁体 English

将会话从一个网站转移到另一个网站

[英]transfer session one website to another website

原文 2012-09-10 05:27:51 8 2 php/ session

I have moodle LMS in three different countries (Ex:India, America, Eurppe). 我在三个不同的国家（例如：印度，美国，Eurppe）都拥有moodle LMS 。 For these sites they have individual administrators . 对于这些站点，他们有单独的管理员 。 Suppose I am the main Administrator , I want to be able to manage all websites with one login . 假设我是主要管理员 ，我希望能够一次登录即可管理所有网站。

If I login in Indian LMS and select America LMS in DROP DOWN , then the session should transfer to America LMS . 如果我登录印度LMS并在DROP DOWN选择America LMS ，则会话应转移到 America LMS 。 Is there any solution for this? 有什么解决办法吗？

2 个解决方案

You're going to encounter cookie domain restrictions as your first major barrier. 您将遇到cookie域限制，这是您的第一个主要障碍。 Essentially, you can't read a login cookie (which are required for sessions to work) from a domain other than the domain that issued it, so a moodle instance at us-foo.com will never be able to read a login cookie from eu-bar.com . 本质上，您不能从发布域的其他域中读取登录cookie（会话正常运行所必需的登录cookie），因此us-foo.com上的moodle实例将永远无法从中读取登录cookie。 eu-bar.com 。

The simplest way to route around this would be to use a separate login form. 解决此问题的最简单方法是使用单独的登录表单。 On submission, use JavaScript to open hidden iFrames to the login pages of all three sites, with the username and passwords passed via GET parameters. 提交后，使用JavaScript将隐藏的iFrame打开到所有三个站点的登录页面，并通过GET参数传递用户名和密码。 Moodle may not natively support login credentials being sent with GET ; Moodle可能本身不支持使用GET发送的登录凭据； you may need to edit the login scripts. 您可能需要编辑登录脚本。

There's a forum thread about doing just this with Moodle, though - you may be in luck. 不过，有一个论坛主题涉及使用Moodle做到这一点- 您可能很幸运。

But in any case, for a login multiplexing hack like this to work it will mean you have to keep the admin username and password constant between your three sites. 但是无论如何，要使这样的登录多路复用技巧有效，就意味着您必须在三个站点之间保持管理员用户名和密码不变。 You could enforce this in the database using triggers, if they're all run from the same database; 如果它们都在同一数据库中运行，则可以使用触发器在数据库中强制执行此操作。 otherwise you'll want to alter the password changing script to write those changes to the remote databases. 否则，您将需要更改密码更改脚本以将这些更改写入远程数据库。

Is this a serious undertaking? 这是认真的吗？ Kind of. 的种类。 Unfortunately, it's not a very robust solution, and it is likely to be extraordinarily fragile when it comes to updates and the like. 不幸的是，这不是一个非常可靠的解决方案，在进行更新等操作时，它可能非常脆弱。 You may find that the best choice is to just login separately, particularly given that these hacks don't easily lend themselves to being embedded in the main login for the sites, and you'll need to use similar ad-hoc synchronization to make logging out take place across the network as well. 您可能会发现最好的选择是单独登录，尤其是考虑到这些黑客很难轻易将其嵌入网站的主登录中，并且您需要使用类似的临时同步进行登录网络上也会发生这种情况。

If your sites are subdomains of the same domain you should consider reading this: PHP Sessions across sub domains 如果您的站点是同一域的子域，则应考虑阅读以下内容：跨子域的PHP会话

To set cookie for the main domain and all subdomain. 为主域和所有子域设置cookie。 So you can read the same cookie from us.foo.com and also from eu.foo.com 因此，您可以从us.foo.com和eu.foo.com中读取相同的cookie

Plus you should have a unique user database or more than one syncronized (i'd prefer the first option anyway). 另外，您应该具有唯一的用户数据库或多个同步的数据库（无论如何我还是更喜欢第一种选择）。