PHP cross-domain, cross-subdomain, cross-server login method detailed

How can I read session logins across domains, across subdomains, or across servers through PHP? This article for everyone to make a detailed introduction, there is a need for friends, you can refer to the next.

PHP across subdomains and across servers

The session is divided into two main parts:

One is session data, which is stored in the server's TMP file by default, and is in the form of a file.

The other is the session Id,session ID that indicates session data, that is, the file name of the session file, the session Id is randomly generated, so it can guarantee uniqueness and randomness, ensure the security of the session. In general, if the lifetime of the session is not set, the session ID is stored in memory, the ID is automatically logged off after the browser is closed, and a session ID is re-registered after the page is re-requested. If the client does not disable cookies, the cookie plays the role of storing the session ID and session lifetime when the session is started.

Two different domain name website, want to use the same session, is involved in the session cross-domain problem!
By default, each server generates SESSIONID for the same client, for example, for the same user browser, the SESSION ID generated by a server is 11111111111, while the B server generates Jbxuejbxue. In addition, the session data of PHP is stored separately in the file system of this server. To share SESSION data, you must achieve two goals:

One is that each server generates the same session ID for the same client and can be passed through the same cookie, which means that each server must be able to read the same cookie named Phpsessid, and the other is how the session data is stored The location must ensure that each server has access to it. These two goals are simply the session ID of the multi-server (A, b Server) shared client, and must also share the session data on the server side.

The implementation of the first goal is actually very simple, only need to set the domain of the cookie Special (Setcookie () function of the 4th parameter), by default, the domain of the cookie is the domain name/IP address of the current server, and the domain is different, Cookies set by each server are not accessible to each other.

1) Cross-subdomain
In this way, cross-domain does not work, but the same subdomain can, such as: Aaa.jbxue.com and www.jbxue.com belong to the domain. Jbxue.com is OK, then we can set the COOKIE domain to. jbxue.com, so Aaa.jbxue.com, www.jbxue.com, and so on can access this cookie. The purpose of each server sharing the same client SESSION ID is achieved.

1. The following settings are provided at the beginning of the PHP page (to be preceded by any output and before session_start ())

Ini_set (' Session.cookie_path ', '/'); Ini_set (' Session.cookie_domain ', '. mydomain.com '); Ini_set (' Session.cookie_ Lifetime ', ' 1800 ');

2. Set in php.ini

Session.cookie_path =/session.cookie_domain =. Mydomain.comsession.cookie_lifetime = 1800

3, in the beginning of the PHP page (condition same as 1) Call function

Session_set_cookie_params (1800, '/', '. mydomain.com ');

These three ways are the same effect.

Here I use the first method set, respectively in www.mydomain.com and sub.mydomain.com two domain name to test.
sub1.php

sub2.php

Access Order:
(1) www.mydomain.com/sub1.php
Page output: Array ([sub1] = sub1)

(2) sub.mydomain.com/sub2.php
Page output: Array ([sub1] = sub1 [SUB2] = sub2)

Success

The second target implementation can use the database to save session data, so that each server can easily access the same data source, get the same session data, or through file sharing, such as NFS (my other articles have how to configure NFS)
If you use the database to store SESSION data, there may be a legacy problem, that is, if the site is a large number of visits, session read and write will be frequently on the database operation, you can put this in the memcache. stored in the database in front of the article has been implemented. The idea of combining databases with Memcache is in front of them. If it is not very good to store the session alone with Memcache, it is best to combine with the database.

2) cross-domain resolution
Ideas:

Use Jsonp cross-domain method to obtain the login encryption information of another domain, and realize the domain logon.
Or with an IFRAME, but ff/ie is not supported, so you need to precede the P3P protocol.

P3P (Platform for Privacy Preferences Project), is a protocol that declares it to be a good person, allowing the collection of browser user behavior.
But in reality, everyone can say that they are good people, secretly maybe do what bad things.
This is where the differences lie. [Reference] Most of the domestic sites, are not concerned about this P3P. Privacy issues may not be valued abroad (Microsoft's privacy statement).

The first thought is to operate cookies through JS and let two different domains of cookies can access each other, so that can achieve the above effect.

The following is a specific implementation process, in two steps:
1, after the successful login in a system, using JS dynamic Create a hidden iframe, through the SRC attribute of the IFRAME, the cookie value under a domain is redirected to the b.jsp page under the B system as a get parameter;

    var _frm = document.createelement ("iframe");      _frm.style.display= "None";      _FRM.SRC = "http://www.jbxue.com/setcookie.php?mycookie=xxxxx";//here XXX Best code      

2, in the setcookie.php page of the B system to obtain the value of the cookie passed in a system, and the obtained value is written to the user's cookie, of course, the domain is their own, so that the simple implementation of the cookie cross-domain access; But there is one problem to be aware of, is in IE browser such operation can not succeed, need to set the P3P HTTP header in the setocokie.php page can be solved (detailed information can refer to: http://www.w3.org/P3P/), P3P Setup code:

Header (' p3p:cp= ' CURa ADMa DEVa Psao psdo our BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR "');//ecshop so set

