在 Apache 虚拟主机之间传输会话数据
如何将 PHP 会话数据从一个 Apache 虚拟主机传递到另一台?我当前正在运行 Apache 2.2.17 和 PHP 5.3.3,并且我已经设置了一台主机来管理单点登录应用程序,我需要将其传递给运行单独应用程序的另外两台虚拟主机。这是我打算进一步开发的东西,但目前传递会话数据将是最简单的。
目前,此代码在 SSO 子域 auth.domain.com 中创建第一个会话,然后将用户传递回应用程序界面 app.domain.com(已被修剪):
$user = new User;
$user->set_user_session();
Header("Location: $redirectURL");
exit;
服务器完全由私人管理,因此多用户安全性不高不用担心。但是,如果有人发现除此之外的任何安全问题,请告诉我。如果您知道更好的方法,请分享,我将进一步研究。我很感激你的帮助。
How do I pass PHP session data from one Apache virtual host to another? I am currently running Apache 2.2.17 and PHP 5.3.3 and I've set up one host to manage a single sign-on application and I need to pass this to two other virtual hosts that are running separate applications. This is something I intend to develop further, but for now passing session data would be the easiest.
Currently this code creates the first session in the SSO subdomain auth.domain.com and then passes the user back to the application interface app.domain.com (has been trimmed):
$user = new User;
$user->set_user_session();
Header("Location: $redirectURL");
exit;
The server is entirely managed privately so multi-user security isn't a worry. However, if anyone sees any security issues beyond that please let me know. If you know of a better methodology please share and I will research it further. I appreciate the help.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
据我所知,PHP 会话(默认情况下)不支持虚拟主机:您需要将会话 ID 作为重定向的一部分传递,然后将其设置在其他虚拟主机中。所以类似:
然后在重定向的目标中:
尝试一下并让我知道它是如何工作的。
As far as I'm aware, PHP sessions are not (by default) virtual-host aware: you would need to pass the session ID as part of the redirect and then set it in the other virtual host. So something like:
And then in the target of the redirect:
Try that and let me know how it works.
共享会话
如果您正在谈论子域(未指定),您可以将 cookie 域设置为域,以便会话 ID 作为 cookie 在它们之间传递
session_set_cookie_params(0, '', '.domain.com ');因此,
my.domain.com和your.domain.com都会获取.domain.com的 cookie >无论选择哪一个您可以使用共享数据库或 Redis 存储来进行共享会话管理。 (通过会话存储在服务器之间共享数据)
Shared Sessions
If you are talking about subdomains (not specified) you may be able to set the cookie domain to just the domain so that the session ID is passed as a cookie between them
session_set_cookie_params(0, '', '.domain.com');so,
my.domain.comandyour.domain.comboth would get the cookie for.domain.comWith either option in place you could use a shared database or redis storage for shared session management. (share data between servers via Session storage)