問題描述
我需要使用 cookie 在兩個不同的域之間共享 SSO 信息,這可以在 PHP 中實現嗎?如何實現?
I need to share SSO information between two different domains with a cookie, can this be done in PHP and how?
推薦答案
在兩個域上,放置從另一個域中提取的圖像或其他 Web 元素.使用 URL 通知其他域用戶 X 在域 A 上,并讓域 B 將該用戶 ID 與其系統上的該用戶相關聯.
On both domains, place an image or other web element that is pulled from the other domain. Use the URL to notify the other domain that user X is on domain A, and let domain B associate that user ID with that user on their system.
正確執行有點復雜,但如果你仔細考慮它會很有效.
It's a little complex to carry out correctly, but if you think it through it'll work out very well.
Vinko 在評論中指出(謝謝!)我不應該認為您了解所涉及的安全風險是理所當然的.如果此信息對任何人都有價值,那么您應該確保使用適當的加密、身份驗證等,以避免發布敏感信息并避免各種攻擊(重播、中間人等).這應該不會太麻煩,因為您可以控制兩個網站,并且可以為這兩個網站選擇一個安全的密鑰,因為通信僅通過這個特殊的 URL 在兩個服務器之間進行.不過請記住.
Vinko points out in a comment (thanks!) that I shouldn't take it for granted that you understand the security risks involved. If this information is of any value to anyone, then you should make sure you use proper encryption, authentication, etc to avoid releasing sensitive information and to avoid various attacks (replay, man in the middle, etc). This shouldn't be too onerous since you control both websites and you can select a secure secret key for both, since the communication is only going between the two servers via this special URL. Keep it in mind though.
-亞當
這篇關于如何在兩個不同的域中使用 cookie?的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!