SSO in different domains
The principle is this: after the user logs in under one domain, the system uses the obtained login data to request the login interfaces of the other domains (in practice, an iframe or a similar method can submit these requests to the other domains without the user seeing them), and each interface returns the cookie for its own domain. As a result, when the user visits other sites in the site group, the authentication cookies are already in place, which achieves single sign-on.
For example, Sohu's single sign-on system uses this method. When a user logs in to any website under Sohu, the login first goes to the passport.sohu.com domain. After a successful login, an iframe requests passport.sohu.com/sso/crossdomain_all.jsp?action=login, a file that contains requests for several JS files. Those requests also go to files in the passport.sohu.com domain, which read the cookies and redirect to the other domains with the identity information appended. The other domains write cookies based on the attached information, which achieves single sign-on in each domain. The same mechanism is also used at logout. Although the principle is simple, it involves the browser's privacy mechanism: in IE, a special header must be set in order to set cross-origin cookies. For details, see "Set the P3P header to implement cross-origin access cookies". Specifically, when setting cookies on the page reached after the redirect, output the following:
Let's take a look at the code implementation process:
The Success.php code is as follows:
The Crossdomain_all.php code is as follows:
The Crossdomain.php code is as follows:
The setcookie.php code of the 58gou website is as follows:
In fact, in crossdomain_all.php you can directly set the cookie information for the sites you want to send it to. Here, I simply combine JavaScript and an iframe.
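The redirect step described above hands identity information to other domains in a URL, so the receiving site should accept it only if it is authentic, addressed to that site, unexpired and not yet used. An added PHP example of that check (not the article's code; the function names, shared key and host names are hypothetical):

```php
<?php
// Added example, not the article's code. Names, key and hosts are hypothetical.

// Passport domain: build the value appended to the redirect URL for one target site.
function issue_sso_token(string $user, string $targetHost, string $key, int $now): string
{
    $claims = ['u' => $user, 'aud' => $targetHost,
               'exp' => $now + 60, 'n' => bin2hex(random_bytes(16))]; // valid for 60 s
    $body = rtrim(strtr(base64_encode(json_encode($claims)), '+/', '-_'), '=');
    return $body . '.' . hash_hmac('sha256', $body, $key);
}

// Receiving site (the setcookie.php role): return the user name, or null if rejected.
function verify_sso_token(string $token, string $myHost, string $key, int $now, array &$usedNonces): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$body, $mac] = $parts;
    // Constant-time MAC check before anything in the token is parsed.
    if (!hash_equals(hash_hmac('sha256', $body, $key), $mac)) {
        return null;
    }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || ($claims['aud'] ?? '') !== $myHost || ($claims['exp'] ?? 0) < $now) {
        return null; // addressed to another site, or expired
    }
    $nonce = (string) ($claims['n'] ?? '');
    if ($nonce === '' || isset($usedNonces[$nonce])) {
        return null; // replay of a redirect URL that was already consumed
    }
    $usedNonces[$nonce] = true; // in production, a store shared by all web servers
    return $claims['u'] ?? null;
}

// Written only after verification. Inside an iframe this is a third-party cookie:
// modern browsers require SameSite=None with Secure (the role P3P played for IE).
function write_login_cookie(string $sessionId): bool
{
    return setcookie('sid', $sessionId,
        ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
}

// Constructed demo values.
$key = 'demo-shared-secret'; $now = 1700000000; $used = [];
$t = issue_sso_token('alice', 'www.site-b.example', $key, $now);
var_dump(verify_sso_token($t, 'www.site-b.example', $key, $now + 5, $used)); // first use
var_dump(verify_sso_token($t, 'www.site-b.example', $key, $now + 6, $used)); // replay
var_dump(verify_sso_token($t, 'www.other.example', $key, $now + 5, $used));  // wrong site
```

Binding the token to one host (`aud`) matters because the same identity information is sent to every site in the group; without it, a value captured for one domain would be accepted by all of them.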