PHP implementation of web system single sign-on

Source: Internet
Author: User
Tags decrypt php sample code


With the increasing demands of users, more systems are being built. In order to get a better user experience, you need to implement a single sign-on. A single sign-on is when a user logs on to a system and the other system does not need to log on again. The benefits of single sign-on are obvious and improve the user experience. How to achieve a single sign-on, where I offer two kinds of solutions:



1. The first level domain name is same, by sharing the cookie to realize



There are a.the.com and b.the.com a B two sites, as long as a,b any one site login, two sites can be used, do not need to log on to another site. Based on the implementation of cookies, the premise is that two systems share a domain name, and users should be uniquely labeled. Above two sites of the first level domain name is the.com, we only need to set the domain property of the cookie to the.com; The process is as follows: When a user logs in at one of these sites, a cookie message is set, which contains the identity user ID, for security , you also need to encrypt the value of the cookie. When users visit other sites, first determine whether there is a cookie, if any, then decrypt the cookie, get the user information, set the user for login status.



Here is the PHP sample code



function login ()//Normal Login



{



... Verify the legality of the user.



$_session[' uid ' = $user _id;



Setcookie (' sign ', encrypt ($pass 9), ', '/', ' the.com ');



}



Funtion sign ()



{



$sign = $_cookie[' sign '];



if (!empty ($sign))



{



$sign = Decrypt ($sign);



...///login successful!.



}



}



Here is the need to note: Encryption and decryption must be done security verification. But this method is not perfect, two sites must have the same level of domain name, and this is completely based on cookies, the security is not high enough.



2. Use a dedicated login system.



All sites share a login system; When a user succeeds in one of the sites, the system invokes the login interface of the other site, completes the user's login at the other site, sets the appropriate login information, or only saves the user's logon information on the system when the user logs on to the other site. The system interface must be requested to about whether the user is logged on. The disadvantage of the previous approach is that those sites need to save user status regardless of the user's use of other sites, and the latter method shifts all the pressure to the login system. If you want to achieve the user to exit the unified operation, it will require the site to call the login system exit interface, and then log on to the system interface calls other sites exit interface, or set a tag, if the tag does not exist then the user exits, as long as the mark is clear, Other sites found that the indicator does not exist to know that the user has exited the system.



This type of processing requires the login system and between the site to specify the logon interface, and logout interface. Through these interfaces, a site can easily handle user login or exit:



function Login ()



{



$info = Callloginserver (); Accessing the login server



if (!empty ($info))//Login succeeded



}



User is not logged in, log in and invoke Login server interface in this system



function loging ()//This system login



{



.../Login Successful



Callseverlogin ()//notify the user to log in



}



The above is just a simple logical structure that requires specific processing for a formal system.



If you have a better way, welcome to discuss together!


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.