How PHP implements Single sign-on with multi-site shared seeion (code sample)

Source: Internet
Author: User
Tags define session

This article brings you the content is about how PHP through the sharing seeion implementation of single Sign-on (code example), there is a certain reference value, the need for friends can refer to, I hope to help you.

Recently idle to do nothing, summarize and organize the issue of single sign-on.

The basic principle of single sign-on IS: client sharing Sesionid, server side sharing session information. Through the common SessionID in the server side to obtain the same session information, can achieve single sign-on (that is, multi-site sharing user information, a login, everywhere available) purposes.

Single Sign-on is divided into two scenarios:

One, the site is deployed on the same server, and the same level two domain name is used

This case is better solved.

1, first resolve the site in the client SessionID (existence cookie) sharing problem. Use the Ini_set () function to specify the domain of the cookie, as follows:

Ini_set (' Session.cookie_domain ', '. xxxx.com ');//Set server cookie domain, XXXX is a public two-level domain name

2, the second to solve the site in the service side of the session information sharing. Because the site is on the same server, the generated session file is common and can be used to obtain the corresponding session information directly using SessionID.

Second, the site is deployed on different servers, using different domain names

This situation is more complicated, because the site in different servers using different domain names, the client can not use Ini_set to set the scope of the cookie, on the server side also generated their own session files, can not be shared, but still with the solution.

1, first resolve the client SessionID synchronization problem.

Suppose we have three sites, the domain name is aa.com,bb.com,cc.com. We set up a common login entry on the aa.com login.php, and all three Web site requests jump to that page. The code flow is as follows:

    $back = Login ($name, $pwd);//Perform login operation, successfully write to session    //If login is successful, proceed to the following procedure if    ($back) {            $sessionid = session_id () ;                    $key = Encode ($session, $keyword);//Generate Security Code        //Output A Login Success prompt page, and jump to the site to request login    }

Add the following code to the login success HTML prompt page, and use the IFRAME tag to request the site to be logged in synchronously

The set_cookie.php files for the aa.com and cc.com sites are as follows

Decrypt $keydecode ($key);//Set SessionID of the current site to sessionidsession_id ($_get[' SessionID '); Session_Start ();

2, solve the three site server-side sharing session problem.

As mentioned earlier, because three sites are not on the same server, they generate their own session files, and if they want to share them, they face a range of issues such as cross-domain. So we transform the idea, do not use the file to save the session information, but the session information to save to the database. In this way, any site can access the same session information as long as the session information is SessionID.

We create a mysql_session.php file that stores the session information to the database with the following code

$GB _dbname= "Test";                        Database name $GB _dbuser= "root";                            Database user name $GB _dbpass= "";               Database password $GB _dbhostname= "127.0.0.1";                           The name of the host or IP address $SESS _dbh= "";            Database object Session_module_name ("User"); Define session Store $sess_life=get_cfg_var ("Session.gc_maxlifetime") in user-defined manner;//To get the session's maximum expiration date, you can also customize function Sess_     Open ($save _path, $session _name) {global $GB _dbhostname, $GB _dbname, $GB _dbuser, $GB _dbpass, $SESS _dbh;     if (! $SESS _dbh=mysql_pconnect ($GB _dbhostname, $GB _dbuser, $GB _dbpass)) {echo "MySQL Error:". Mysql_error (). "";     Die ();     } if (!mysql_select_db ($GB _dbname, $SESS _dbh)) {echo "MySQL Error:". Mysql_error (). ";     Die (); } return true;     } function Sess_close () {return true;} function Sess_read ($key) {global $SESS _dbh, $SESS _life;     $qry = "Select value from db_session where Sesskey = ' $key ' and expiry >". Time ();     $qid =mysql_query ($qry, $SESS _dbh); if (List ($vAlue) =mysql_fetch_row ($qid)) {return $value; } return false; }//writes session information. The data table that holds session information is named: db_session//in addition to the primary key self-increment ID, the required fields are as follows//sesskey sessionid//values Session value//expiry Session expiration Date function SE     Ss_write ($key, $val) {global $SESS _dbh, $SESS _life;     $expiry =time () + $SESS _life;     $value = $val;     $qry = "INSERT into db_session values (' $key ', $expiry, ' $value ')";     $qid =mysql_query ($qry, $SESS _dbh);     if (! $qid) {$qry = "update db_session set expiry= $expiry, value= ' $value ' where sesskey= ' $key ' and expiry > '. Time ();     $qid =mysql_query ($qry, $SESS _dbh); } return $qid;     } function Sess_destroy ($key) {global $SESS _dbh;     $qry = "Delete from db_session where Sesskey = ' $key '";     $qid =mysql_query ($qry, $SESS _dbh); return $qid;     } function sess_gc ($maxlifetime) {global $SESS _dbh;     $qry = "Delete from db_session where expiry <". Time ();     $qid =mysql_query ($qry, $SESS _dbh); Return Mysql_affected_rows ($SESS _dbh); } session_set_save_handler ("Sess_oPen "," Sess_close "," Sess_read "," Sess_write "," Sess_destroy "," sess_gc "); 

The

then introduces the file before Session_Start () in the page that needs to use the session, and the rest is the same as usual with seesion. You will find that your assigned session has been stored in the database.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.