Php single sign-on SSO

Source: Internet
Author: User
Tags set cookie
Php single sign-on SSO single sign-on procedure:

  1. User access application a.com

  2. The application a.com is redirected to login.com (certification center) with the corresponding application address

  3. Login.com for data authentication

  4. Login.com returns to a.com with a ticket (token)

  5. A.com server obtains ticket and login.com interaction to obtain user information

  6. Show user information

Mainly:

  1. Obtain user information to control the server source

  2. Encrypt ticket

The following two types of single sign-on are available:

  • SSO logon in the same domain

    If I have a site Level 1 domain name: 58kankan.cn I require http://a.58kankan.cn and http:// B .58kankan.cn as long as one site is logged on, I can access another site. the implementation method is as follows: save the login Cookie to 58kankan.cn.

    [Php]View plaincopy

    1. Setcookie ("userName", $ uname, time () + 3600, '', '58kankan. cn ');

  • SSO in different domains

    The principle is that after logging on to a domain name, log on to the system and use the obtained user login data to request the login interfaces of other domains (for specific applications, you can use iframe or other methods to hide and submit them to other domains ), the corresponding interface returns the cookie information of the corresponding domain. in this way, when a user accesses other sites in the site group, authentication cookies are obtained in advance, thus achieving single-point logon.

    For example, sohu's single sign-on system uses this method. when a user logs on to any website under sohu, the user first logs on to the passport.sohu.com domain, after successful login, use iframe to request passport.sohu.com/sso/crossdomain_all.jsp in the domain? Action = login file, which contains some js file requests. It also requests files in the passport.sohu.com domain, which reads cookies, and the identity information is appended to redirect to other domains. Other domains write cookies based on the attached information to achieve single-domain single-point login. The same mechanism is also implemented when you exit. Although the principle is simple, it involves the privacy mechanism of the browser. in ie, you need to set a special file header to set cross-origin cookies. for details, see set the P3P header to implement cross-origin access cookies, specifically, when setting cookies on the url page after redirection, the output is as follows:

    [Php]View plaincopy

    Let's take a look at the code implementation process:

    The Success. php code is as follows:


    [Php]View plaincopy

    The Croeedomain_all.php code is as follows:

    [Php]View plaincopy

    The Crossdomain. php code is as follows:

    [Php]View plaincopy

    The setcookie. php code of the 58gou website is as follows:

    [Php]View plaincopy

    In fact, in crossdomain_all.php, you can directly set cookie information for the site you want to send. here, I just get javascript and iframe together.

    1. Header ('p3p: CP = "cao dsp cor cur adm dev tai psa psd IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi ind phy onl uni pur fin com nav int dem cnt sta pol hea pre gov" ');

    2. $ Username = $ _ GET ['username'];

    3. $ Action = $ _ GET ['action'];

    4. Switch ($ action ){

    5. Case 'login ':

    6. Setcookie ("userName", $ username, time () + 3600, "/", "58kankan.cn ");

    7. Break;

    8. Default:

    9. Setcookie ("userName", '', 0,"/"," 58kankan.cn ");

    10. Break;

    11. }

    1. If ($ _ COOKIE ['username']) {

    2. $ Username = $ _ COOKIE ['username'];

    3. $ Action = $ _ GET ['action'];

    4. $ Domain = $ _ GET ['domain '];

    5. Switch ($ action ){

    6. Case 'login ':

    7. Header ("Location: http: //". $ domain. '/setcookie. php? UserName = '. $ username.' & action = '. $ action );

    8. Break;

    9. Case 'logout ':

    10. Default:

    11. Header ("Location: http: //". $ domain. '/setcookie. php? UserName = '. $ username.' & action = '. $ action );

    12. Break;

    13. }

    14. ?>

    15. Header ("Location :/");

    16. }?>

    1. If ($ _ COOKIE ['username']) {

    2. $ Username = $ _ COOKIE ['username'];

    3. $ Action = $ _ GET ['action'];

    4. ?>

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.