How does the PHP session implement cross-subdomain?

Source: Internet
Author: User
Tags session id php session subdomain

Cross-domain issues come up often with cookies and sessions, but PHP makes the subdomain case relatively simple. Several ways of handling it are collected below; I hope they help everyone learning PHP.

A session consists of two main parts:

One is the session data, which by default is stored as a file in the server's tmp directory.

The other is the session ID, which identifies the session and is the file name of the session file. Session IDs are randomly generated, so uniqueness and randomness can be guaranteed, ensuring session security. In general, if the session's lifetime is not set, the session ID is kept in memory and is discarded automatically when the browser is closed; when the page is requested again, a new session ID is registered. If the client does not disable cookies, the cookie serves to store the session ID and the session lifetime when the session is started.

When two sites on different domains want to use the same session, that is the session cross-domain problem.

By default, each server generates its own session ID for the same client. For example, for the same user's browser, server A generates the session ID 11111111111 and server B generates 222222. In addition, PHP session data is stored separately on each server's file system. To share session data, two goals must be met:

First, the session ID that each server generates for the same client must be the same and must be passed through the same cookie, which means that each server must be able to read the same cookie, named PHPSESSID. Second, the way or place the session data is stored must ensure that every server can access it. In short, multiple servers (servers A and B) share the client's session ID, and the server-side session data must be shared as well.

There are three ways to solve this problem:

1. At the beginning of the PHP page (before any output, and before session_start()), place the following settings:

ini_set('session.cookie_path', '/');
ini_set('session.cookie_domain', '.baidu.com');
ini_set('session.cookie_lifetime', '1800');

2. Set the values in php.ini:

session.cookie_path = /
session.cookie_domain = .baidu.com
session.cookie_lifetime = 1800

3. Call the function at the beginning of the PHP page (same condition as in 1):

session_set_cookie_params(1800, '/', '.phpfensi.com');

A session has a session_id as its unique identifier.

Implementing a session across subdomains means that when the same browser visits the two subdomains a and b, it gets the same session.

Since the session is saved on the server side, how do the two servers recognize that the two requests were sent by the same browser?

Cookies are stored on the client side, and the server usually uses cookies to tell clients apart, so a cookie can be used to save the session_id, with the cookie set on the parent domain.

For example, when a.sso.com is accessed, the session_id is saved in a cookie. When b.sso.com is accessed, the session_id is read from the cookie, and the session is fetched from a persistent container by that session_id.


This experiment uses PHP as the language.

When a.sso.com is accessed, the following runs:

session_start();
$_SESSION['person'] = "Sbsbsbs";
$session_id = session_id();
setcookie('name', $session_id, time() + 3600 * 24, '/', 'sso.com');

This saves the session_id in a cookie.

In PHP the session is an array, and PHP has a serialize() function that serializes an array:

$session_value = serialize($_SESSION);

$session_value is then saved in the database.

When b.sso.com is accessed, the session_id is obtained from the cookie, and the serialized session is then looked up in the database by that session_id.

The session can then be manipulated, which implements the session across subdomains.

Since the session is stored in the database, and database access is a relatively time-consuming operation, the session can be saved in a cache instead, for example memcached or redis, which allows the session to be accessed more quickly.

Another advantage of using a cache is that a session usually has a lifetime. With a database, the session's lifetime has to be saved as well, and when the session is read you also need to check whether it has expired.

With a cache, the lifetime can be set when the session is stored, which removes the step of checking for and removing expired sessions.

Article Source: PHP station Chinese web
