Php single sign-on to web systems-PHP Tutorial

Php enables single-point logon to the web system. Php enables single-point web system logon. as users continue to expand, more systems are built. To achieve a better user experience, you need to achieve single-point user login. The so-called single sign-on php for web system single sign-on

As users expand, more systems are built. To achieve a better user experience, you need to achieve single-point user login. The so-called single sign-on means that after a user logs on to a system, other systems do not need to log on again. The benefits of single sign-on are obvious, improving the user experience. Here are two solutions for how to implement single-point logon:

1. the same level-1 domain name is implemented through cookie sharing.

There are two sites, a.the.com and B .the.com a B. You can use both sites after logging on to either site A or B without logging on to the other site. Through cookie-based implementation, the premise is that the two systems share the first-level domain name, and the user must be uniquely identified. The first-level domain name of the above two sites is the.com. we only need to set the domain attribute of Cookie to the.com. the specific process is as follows: when a user logs on to one of the sites, set a cookie. the cookie contains the user id. to ensure security, the cookie value must be encrypted. When a user accesses another website, the user first determines whether a cookie exists. If yes, the cookie is decrypted, the user information is obtained, and the user is set to the logon status.

The following is the PHP sample code.

Function login () // normal logon

{

...... // Verify the validity of the user

$ _ SESSION ['uid'] = $ user_id;

Setcookie ('sign', encrypt ($ pass9), '', '/', 'The. com ');

}

Funtion sign ()

{

$ Sign = $ _ COOKIE ['sign'];

If (! Empty ($ sign ))

{

$ Sign = decrypt ($ sign );

... // Login successful

}

}

Note that security verification is required for encryption and decryption. However, this method is not perfect, and the two sites must have the same level 1 domain name. In addition, this method is completely cookie-based, and the security is not high enough.

2. use a dedicated logon system.

All sites share a logon system. when a user successfully logs on to one of the sites, the system calls the logon interfaces of other sites to log on to other sites, at the same time, set the corresponding login information; or when a user logs on, only the user login information is saved in the system. when the user logs on to another site, the user must request this system interface, obtains the logon information of a user. The disadvantage of the previous method is that, no matter whether the user uses other sites, those sites need to save the user status. The latter method transfers all the pressure to the logon system. To achieve a unified user exit operation, the site needs to call the exit interface for logging on to the system, and then log on to the system interface to call the exit interface for other sites; or set a flag, if this tag does not exist, it indicates that the user exits. in this case, you only need to clear the tag. if other sites find that the tag does not exist, they will know that the user has exited the system.

This method requires specifying the logon interface and logout interface between the login system and the site. Through these interfaces, sites can easily process user logon or exit:

Function login ()

{

$ Info = callLoginServer (); // access the logon server

If (! Empty ($ info) // login successful

}

// If the user does not log on, log on to the system and call the logon server interface.

Function loging () // log on to the system

{

... // Login successful

CallSeverLogin (); // notify the user to log on

}

The above is just a simple logical structure and requires specific processing for formal systems.

If you have any better methods, please join us!

With the increasing demand of users, more systems are built. To achieve a better user experience, you need to achieve single-point user login. The so-called single sign-on...