Single Sign-on session control in PHP

This article mainly introduces the single-sign-on in PHP session control, has a certain reference value, now share to everyone, the need for friends can refer to

1. Simple use of the next session
Need Session_Start () to open session before using session
Write a demo to achieve the next

Create a new session.php

<?php    session_start ();//Must be turned on when used, if you have modified the configuration in php.ini, then there is no need to open the session    $_session[' username '] = ' admin ';// Store session information as a pair of data with the key username value of admin?>

Create a new getsession.php and we'll take the value.

<?phpsession_start ();//Must be turned on when used, if you change the configuration in php.ini then there is no need to open the SESSION echo $_session[' username '];// Remove the value of the username stored in the session?>

Different browsers take different values because they have different sessionid, for example, a chestnut:
I use Google Chrome to access session.php and then generate a session, then I use the same browser to access getsession.php can be taken to the value of the words, When I use the Firefox browser again to access the session.php again, and then regenerate a session, again access to getsession.php can also fetch values, but you will find that not the same value is taken, Because they are two browsers have different SessionID, if you put the Firefox sessionid to the Google SessionID to modify, then you will find that the value of their two is the same, because the session value is only recognized SessionID.

Children's shoes can try to operate, to see if this is the way.

2. Cross-domain
If we configure our own virtual hosts on our own Apache/nginx servers.
My is the Apache server, Nginx also modifies the configuration file----vhost.conf.

<virtualhost *:80>    documentroot "H:\myphp_www\PHPTutorial\WWW\sessoin"    ServerName www.test.com    Serveralias   <directory "H:\myphp_www\PHPTutorial\WWW\sessoin" >      Options followsymlinks execcgi      allowoverride all      Order allow,deny-      Require all     granted  </directory></ Virtualhost>

A virtual domain name for the www.test.com of the virtual host is set up, remember to restart Apache/nginx, otherwise the configuration does not take effect.

All we have to do now is to keep the SessionID of the two domain names consistent, for example: www.test.com and localhost, provided that they are under a server.
Now let's write a demo implementation (regardless of security and performance)

Create a user.php we're going to upload the SessionID under the current localhost to www.test.com.

<?phpsession_start ();//must first open Session$sid = session_id ();//Get to the current sessionid?><a href= "http://www.test.com/ Getsession.php?sid= <?php echo $sid;? > > Jump </a>

The jump on the direct page is going to go wrong, because we're only transmitting, and getsession.php is not receiving, so we're going to modify the getsession.php file.

<?phpif (isset ($_get[' sid ')) {//setcookie (' name ', ' value ', ' Expiration ', ' domain name '); $sid = $_get[' sid '];//setcookie (' Phpsessid ', $ SID);//Set sessionid//or we can also session_id ($SID) in another way;//Specify a Sessionid}session_start before opening session (); Echo $_session[' Username '];? >

This solves the cross-domain problem between two domain names based on SessionID consistency.

3, to achieve a single sign-on----meaning to log in under localhost under www.test.com Sync login-----cross-domain request
It is not possible to implement cross-domain requests using AJAX, and you need to use JSONP for cross-domain
Create a local file in the Session folder sibling directory to better differentiate between two domains
What we're going to do now is to get localhost and www.test.com to interoperate-----The premise of a server

Create a api.php under the session

<?php?>

Create a index.html under local

<script src= "www.test.com/api.php" ></script>  <!--JS Code is executed on the browser--

When you visit the local index.html, it will initiate two requests because the JS code inside the request www.test.com/api.php

Modify the getsession.php file under session to the following:

<?phpsession_start (); if (Isset ($_session[' uid ')) {echo "User is logged in, ID is". $_session[' uid ');} else {echo "not logged in";}? >

Copy a getsession.php under the session to local

Create a login.php file under local

<?phpsession_start (); $_session[' uid '] = 18;//store SESSION Data key is a pair of data with a UID value of 18?>

When we access login.php after accessing the getsession.php file in the current directory, the result is: The user is logged in and the ID is 18.

So what we are going to do now is to visit login.php under localhost to log in quietly and let www.test.com log in.

Modify the local login.php file to the following code:

<?phpsession_start (); $_session[' uid '] = 18;//store SESSION Data key for a pair of data with a UID value of 18 $uid = $_session[' uid '];? ><script src= "www.test.com/api.php?uid=<?php echo $uid;? > "></script>

Access localhost/local/login.php to synchronize logins, and then access localhost/local/getsession.php is already logged in

Now direct access to the www.test.com/getsession.php file is not changed, because we do not receive the session, so to modify the session under the api.php file for the following code:

<?phpsession_start (); $uid = $_get[' uid '];$_session[' uid '] = $uid;? >

In this way, you will also be prompted to log in when you visit www.test.com/getsession.php.
This allows us to use JSONP to implement cross-domain requests, and another site to log on to one site

The above is the whole content of this article, I hope that everyone's learning has helped, more relevant content please pay attention to topic.alibabacloud.com!