PHP single-point login implementation solution

Introduction: This is a detailed page of PHP single-point login implementation solution. It introduces PHP, related knowledge, skills, experience, and some PHP source code.

Class = 'pingjiaf' frameborder = '0' src = 'HTTP: // biancheng.dnbc?info/pingjia.php? Id = 323140 'rolling = 'no'>

Abstract:

This article mainly introduces the use of WebService, session, Cookie technology to analyze and design a universal Single Sign-on system. The specific implementation language is Php. Single Sign On (SSO) is an important part of the comprehensive processing of network business users. The SSO definition is that in multiple application systems, users only need to log on once to access all mutually trusted application systems.

Motivation:

If you have used uctenter for full-site logon, you should know that this is a typical observer solution. As a subject, the user center registers and deletes its observer in the background of the ucenter. Each sub-application site corresponds to an observer. Every time you log on to the user center, the JS script is triggered to call back the W3C standard sub-station logon interface (API/UC. php ).

I think there are two main disadvantages of this method: 1. when the number of sub-sites is too large, the number of callback interfaces increases accordingly. In terms of the number of sub-sites distributed, how to control the login efficiency is not too low and difficult to grasp; 2. when a sub-station callback interface encounters a problem, the default logon process gets stuck (you can restrict LogonProgramBut the callback interface of the sub-station after the sub-station fails to be called.

Based on the above problems, I designed another single sign-on system in the actual development process.

1. logon principles

Technical Implementation Mechanism of Single Sign-On: when a user accesses Application System 1 for the first time, the user is directed to the authentication system for Logon because the user has not logged on. Based on the login information provided by the user, the authentication system performs identity verification. If the authentication succeeds, a ticket credential should be returned to the user. When the user accesses another application, the ticket will be taken, as your authentication credential, the application system sends the ticket to the authentication system for verification after receiving the request to check the validity of the ticket. After verification, you can access application system 2 and Application System 3 without having to log on again.

We can see that the following main functions are required to implement SSO:

A) All application systems share an Identity Authentication System;

B) all application systems can identify and extract ticket information;

C) The application system can identify users who have logged on, and automatically determine whether the current user has logged on to the system to complete the single sign on function.

Based on the above basic principles, I have designed a single sign-on system program in PHP language, which has been put into operation by generating servers. The system program uses the unique session ID of the whole system as the media to obtain the full site information of the current online user (LOGIN status information and other user full site information to be processed ).

Ii. Process description:

Login process:

1. log on to a website for the first time:

A) The user enters the user name and password and sends a Logon Request to the user verification center.

B) currently logged on to the site. The user verification center verifies the validity of the user name and password through the WebService request. If the verification succeeds, a ticket is generated to identify the user of the current session, and the site identifier of the current sub-site is recorded in the user center.

C) return the obtained user data and ticket to the sub-site. If the verification fails, the corresponding error status code is returned.

D) according to the results returned by the WebService request in the previous step, the current sub-station logs in to the user. If the status code indicates that the request is successful, the current site saves ticket through the cookie on this site, this site also records the user's logon status. The Status Code indicates that the logon fails.

2. log on to another sub-account:

A) Verify the user's logon status through the site cookie or session: If the verification succeeds, the user enters the normal site processing program; otherwise, the user center verifies the user's logon status (send ticket to the user verification center ), if the verification succeeds, the returned user information is logged on locally. Otherwise, the user is not logged on.

Logout process

A) The current logout site clears the logon status of the user site and the unique random ID of the local user site

B) Use the WebService interface to clear the unique random ID of the whole site. The WebService interface will return, logging out the JavaScript code of other logged-on sub-sitesCodeThis code is output on this site.

C) access the W3C standard logout script of the corresponding site using JS Code

Iii. Code Description:

The Code involved in this article has been packaged and uploaded. If you are interested, click Download at the last download link of this article.

More articles on "php single-point login implementation solution"

Love J2EE follow Java Michael Jackson video station JSON online tools

Http://biancheng.dnbcw.info/php/323140.html pageno: 16.