Three ways to implement cross-domain sessions in PHP

Source: Internet
Author: User
Tags session id php session tmp file subdomain

In earlier projects I usually stored the session directly in the database, which solves sharing across domains and not only across subdomains. Today, however, I ran into this problem while having to change someone else's existing code. Since only subdomains were involved, I was sure there had to be a simple solution, and a search turned up three:

A session consists mainly of two parts:

One is the session data, which by default is stored as files in the server's tmp directory.

The other is the session ID, which identifies the session data. The session ID is the file name of the session file. It is randomly generated, which guarantees uniqueness and randomness and so keeps the session secure. In general, if the session's lifetime is not set, the session ID is kept in memory and is discarded when the browser is closed; once a page is requested again, a new session ID is registered. If the client has not disabled cookies, the cookie stores the session ID and the session lifetime when the session is started.

When two websites with different domain names want to use the same session, that is the cross-domain session problem.

By default, each server generates its own session ID for the same client: for the same user's browser, server A generates session ID 11111111111 and server B generates 222222. In addition, PHP session data is stored separately in each server's file system. To share session data, two goals have to be met:

The first is that every server must use the same session ID for the same client, passed through the same cookie, which means that every server must be able to read the same PHPSESSID cookie.

The second is that the session data must be stored and located so that every server can access it. In short, the servers (A and B) must share the client's session ID and must also share the server-side session data.

There are three ways to solve this problem:

1. Set the following at the beginning of the PHP page (before any output, and before session_start())

ini_set('session.cookie_path', '/');
ini_set('session.cookie_domain', '.mydomain.com');
ini_set('session.cookie_lifetime', '1800');

2. Set in php.ini

session.cookie_path = /
session.cookie_domain = .mydomain.com
session.cookie_lifetime = 1800

3. Call this function at the beginning of the PHP page (same conditions as 1)

session_set_cookie_params(1800, '/', '.mydomain.com');

Each session has a session_id that uniquely identifies it.

Sharing a session across subdomains means that requests from the same browser to the two subdomains A and B actually use the same session.

Since the session is stored on the server side, how can two servers recognize that the two requests were sent by the same browser?

Cookies are stored on the client, and the server usually identifies different clients through cookies, so you can save the session_id in a cookie and set the cookie's domain to the parent domain.

For example, when a.sso.com is accessed, the session_id is saved in a cookie. When b.sso.com is accessed, the session_id is read from the cookie and the session is fetched from a persistent container by that session_id.

This experiment uses PHP.

When a.sso.com is accessed, the following code saves the session_id in a cookie:

session_start();
// Store a value in the session ($_SESSION is case-sensitive)
$_SESSION['person'] = "Sbsbsbs";
$session_id = session_id();
// Cookie scoped to the parent domain so that b.sso.com receives it too
setcookie('name', $session_id, time() + 3600 * 24, '/', 'sso.com');

Because a PHP session is an array, it can be serialized with PHP's serialize() function:

$session_value = serialize($_SESSION);

$session_value is then saved in the database.

When b.sso.com is accessed, the session_id is read from the cookie and the serialized session is then fetched from the database by that session_id.

The session can then be used, which implements the session across subdomains.

Because the session is saved in the database and database access is a time-consuming operation, you can save the session in a cache instead, for example memcached or redis, or in the

This makes access to the session faster.

Another advantage of a cache concerns the session's lifetime: with a database you have to store the session's lifetime and, when the session is read, also check whether it has expired.

With a cache, the lifetime can be set when the session is stored, which removes the expiry check after retrieval.

My workaround is to add the following code to the entry file:

ini_set('session.cookie_path', '/');

ini_set('session.cookie_domain', '.jb51.net'); // Note: replace jb51.net with your own domain name

ini_set('session.cookie_lifetime', '1800');

As shown in the figure:

[Figure: Site A and Site Two]

You can see that the PHPSESSID is the same on both sites, so the cross-subdomain problem is solved.

Those are several ways to share a session across subdomains in PHP; I hope they help anyone who needs them.
