stackoom
  简体   繁体   中英

How to check whether a user is logged in on another domain?

 原文  2012-07-14 18:45:35       php/ session/ cookies

Question

I would like to build a community page for a browser game community (the browser game is not mine, so I can not add any code). Now I would like to check on my website whether the user is logged in into the browser game. Only in that case the user should be able to see the content. Since you cannot read cookies, which were set on another domain, is there any possible way to achieve this?

2 answers

solution1
 3  2012-07-14 18:53:41

You can use something like a CAS. Central Authentication Server, where, when the session is not set for the first domain, it would be like this:

Domain example.net : 

<?php
session_start();
if(!isset($_SESSION["user"]))
{
    header('Location: http://auth.example.com/?from=example.net');
    die();
}
// Rest of the content!
?>

And for the domain auth.example.com : 

<?php
session_start();
if(!isset($_SESSION["user"]))
{ ?>
    <!-- form to get login credentials -->
<?php } else {
     if(isset($_GET["from"]) && isset($_SESSION["user"]))
         header('Location: http://example.net/auth.php?authcode=' . yourEncryptFunction($_SESSION["user"]));
} ?>

Hope this helps! :)

solution2
 0  2012-07-14 18:56:31

If you control both domains, you can do so. A simple but nonsecure approach would be to use JavaScript to breach same-origin policy. Have a simple script running in your browser game like: 

<?php
$info = array(
    'isLoggedIn' => $_SESSION['isLoggedIn'],
    'loggedInAs' => $_SESSION['userName']
    );
echo "gameInfo = ".json_encode($info).";";

On your community page, you can use JavaScript to determine if they are logged in: 

<script src="http://gamesite.com/jsGameStatus.php"></script>
<script>
alert(gameInfo.isLoggedIn 
    ? 'Logged In as '+gameInfo.loggedInAs 
    : 'Not logged in');
</script>

Again, not super secure (someone could fudge those values). If you want something more secure, you're going to need to be able to tie the two sides together in some way - your community users accounts are going to have to know what their game account IDs are, and then you can use a simple remote call from the community site to know whether the game user is logged in or not.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Check whether user is logged in another domain How to check whether user is logged in on another site? How to check whether the user is logged in? Check whether user is logged in or not Check whether a user is logged in How to Check whether the user logged in and Redirect Accordingly How to check whether to show the login form or [logged in] user details? laravel 4.2 How to check whether any user is logged in multi auth How to check whether user logged in wordpress site from Yii? How to check whether the user is already logged in on different ip/locations
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM