Three methods for cross-subdomain session implementation in PHP: session subdomain

Source: Internet
Author: User
Tags php session tmp file subdomain

In earlier work I usually stored sessions directly in the database, which solves more than just the cross-domain problem. Today, however, the task was to modify someone else's existing project. Since only a simple subdomain solution was needed, I searched Baidu and found three solutions:

Sessions are divided into two parts:

One is the Session data, which by default is stored as a file in the server's tmp directory.

The other is the Session ID, which identifies the Session data. The Session ID is the name of the Session file and is generated randomly, which ensures uniqueness and randomness and therefore Session security. Generally, if no Session lifetime is set, the Session ID is kept in memory: after the browser is closed, the ID is automatically discarded, and when the page is requested again a new Session ID is registered. If the client has not disabled cookies, the cookie stores the Session ID and the Session lifetime when the Session is started.

If you want two websites on different domain names to use the same Session, you run into the cross-domain Session problem.

By default, each server generates its own SESSION ID for the same client. For example, server A generates SESSION ID 11111111111, while server B generates 222222. In addition, PHP's SESSION data is stored in the file system of the current server. To share SESSION data, you must achieve the following two goals:

First, the SESSION ID that each server generates for the same client must be identical and must be passed through the same COOKIE; that is, every server must be able to read the same cookie named PHPSESSID.

Second, the storage mode/location of the SESSION data must be accessible to all servers. Put simply, multiple servers (server A and server B) must share the client's SESSION ID and must also share the SESSION data on the server side.

There are three solutions:

1. Make the following settings at the beginning of the PHP page (before any output and before session_start()):

ini_set('session.cookie_path', '/');
ini_set('session.cookie_domain', '.mydomain.com');
ini_set('session.cookie_lifetime', '1800');

2. Set in php.ini:

session.cookie_path = /
session.cookie_domain = .mydomain.com
session.cookie_lifetime = 1800

3. Call the function at the beginning of the PHP page (under the same conditions as method 1):

session_set_cookie_params(1800 , '/', '.mydomain.com');
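
A hardened form of method 3, as an added example that is not part of the original article: a cookie scoped to .mydomain.com is sent to every subdomain, so the example also sets the Secure, HttpOnly and SameSite attributes and checks the effective settings. It assumes PHP 7.3+ and HTTPS on all subdomains; audit_session_cookie() is a hypothetical helper name.

```php
<?php
// Added example, not the article's code. ".mydomain.com" is the article's
// placeholder domain; audit_session_cookie() is a hypothetical helper.

// Same three values as the methods above, plus the flags that matter once
// the cookie is shared. Run before any output and before session_start().
ini_set('session.use_strict_mode', '1');   // reject IDs this server never issued
ini_set('session.use_only_cookies', '1');  // never take the ID from the URL
session_set_cookie_params([
    'lifetime' => 1800,
    'path'     => '/',
    'domain'   => '.mydomain.com',
    'secure'   => true,    // only sent over HTTPS
    'httponly' => true,    // not readable by page scripts
    'samesite' => 'Lax',
]);

// Returns a list of findings for the effective session cookie settings.
function audit_session_cookie(string $expectedDomain): array
{
    $p = session_get_cookie_params();
    $findings = [];
    if (ltrim($p['domain'], '.') !== ltrim($expectedDomain, '.')) {
        $findings[] = "domain is '{$p['domain']}', expected '{$expectedDomain}'";
    }
    if (!$p['secure'])   { $findings[] = 'Secure flag missing'; }
    if (!$p['httponly']) { $findings[] = 'HttpOnly flag missing'; }
    if (($p['samesite'] ?? '') === '') { $findings[] = 'SameSite not set'; }
    if (!ini_get('session.use_strict_mode')) {
        $findings[] = 'session.use_strict_mode is off';
    }
    return $findings;
}

// Log anything that drifted (for example a php.ini override on one server).
foreach (audit_session_cookie('.mydomain.com') as $finding) {
    error_log("session cookie: $finding");
}
session_start();
```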

A session has a session_id as its unique identifier.

Implementing cross-subdomain sessions means that the session is the same when two subdomains, A and B, are accessed from the same browser.

Since sessions are stored on the server side, how can two servers tell that two requests were sent by the same browser?

Cookies are stored on the client, and the server uses cookies to tell clients apart. Therefore, a cookie can be used to store the session_id, with the cookie's domain set to the parent domain.

For example, when a.sso.com is accessed, the session_id is saved in a cookie. When b.sso.com is accessed, the session_id is retrieved from the cookie and used to get the session from a persistent container.

In this experiment, PHP is used as the lab language.

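When accessing a.sso.com:

session_start();                      // start (or resume) the session
$_SESSION['person'] = "SBSBSBS";      // store a value in the session
$session_id = session_id();           // read the current session ID
// Store the session ID in a cookie that lasts one day and covers all of SSO.com
setcookie('name', $session_id, time() + 3600 * 24, '/', 'SSO.com');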

Save session_id in the cookie.

In PHP, the session is an array, and PHP has the serialize() function to serialize arrays:

$session_value = serialize($_SESSION);

Then save $session_value to the database.

When b.sso.com is accessed, the session_id is read from the cookie and then used to fetch the serialized session from the database.

Then, the session can be operated to implement cross-subdomains of the session.

Because reading the session from the database is time-consuming, you can keep the session in a cache such as memcached or redis instead, which makes access to the session faster.

Another advantage of using a cache is that a session usually has a limited survival time. If the session is stored in the database, you also need to store its survival time, and when the session is retrieved you need to check whether it has expired.

When a cache is used to store sessions, you can set the survival time when the session is stored, which removes the need to check whether the session has expired after it is retrieved.

My solution is to add the following code in the portal:

ini_set('session.cookie_path', '/');
ini_set('session.cookie_domain', '.jb51.net'); // replace jb51.net with your own domain name
ini_set('session.cookie_lifetime', '123');

[Figures: Site 1 and Site 2]

You can see that the PHPSESSID is the same on both sites. Of course, this also solves the cross-subdomain problem.

These are several ways to implement cross-subdomain sessions in PHP; I hope they help anyone who needs them.
