Laravel:在多个域上共享会话数据
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26821648/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel: share session data over multiple domains
提问by Luuk Van Dongen
I'm building a multi-domain/multi-store ecommerce application in Laravel and would like to keep the user logged in when he or she changes from store to store.
我正在 Laravel 中构建一个多域/多商店电子商务应用程序,并希望在用户从商店更改到商店时保持登录状态。
But for as far as I know Laravel's Auth service saves the logged in user in the session and the sessions can't be accessed by other domains.
但据我所知,Laravel 的 Auth 服务将登录用户保存在会话中,并且其他域无法访问会话。
Is there a way (maybe a package) to achieve this, without leaving my application prone to possible security problems?
有没有办法(可能是一个包)来实现这一点,而不会让我的应用程序容易出现可能的安全问题?
Thanks in advance!
提前致谢!
采纳答案by Sharath TS
- Capture the session id
Session::getId()in Domain A - send the captured session id via HTTP POST to Domain B
- Access the sent session id in domain B
$sessionid_from_domainA = $_POST['session_from_A'] - Set session in domain B
Session::setId($sessionid_from_domainA) - Start Session in domain B
Session::start()
- 捕获
Session::getId()域 A 中的会话 ID - 通过 HTTP POST 将捕获的会话 ID 发送到域 B
- 访问域 B 中发送的会话 ID
$sessionid_from_domainA = $_POST['session_from_A'] - 在域 B 中设置会话
Session::setId($sessionid_from_domainA) - 在域 B 中启动会话
Session::start()
回答by mateos
On domain A create an image like so
<img src="https://DOMAINB.com/setcookie?id={{ Session::getId() }}" style="display:none;" />On Domain B create a Route like so:
在域 A 上创建一个像这样的图像
<img src="https://DOMAINB.com/setcookie?id={{ Session::getId() }}" style="display:none;" />在域 B 上创建一个路由,如下所示:
.
.
Route::get('setcookie', function(){
Session::setId($_GET['id']);
Session::start();
return 'Cookie created';
});`
- Done, Now you should be able to get your user by
$user = Auth::User;
- 完成,现在你应该能够让你的用户通过
$user = Auth::User;
回答by Chirag Prajapati
If you want to share the session between multiple subdomains in that case you have to set the domain name config/session.php has set the domain name.
如果要在多个子域之间共享会话,则必须设置域名 config/session.php 已设置域名。
Example: if you have new.example.com and test.example.com so you have to set the domain name as example.com
示例:如果您有 new.example.com 和 test.example.com 那么您必须将域名设置为 example.com
'domain' => env('SESSION_DOMAIN_URL','.example.com')
Solutions there worked for me, specifically setting the domain and then clearing my browser cookies & cache.
那里的解决方案对我有用,特别是设置域,然后清除我的浏览器 cookie 和缓存。
回答by CatZ
I am working on something like that too a single sign-on system, still working to find a solution, but here is a start http://laravel.io/forum/03-14-2014-multiple-domains-how-to-share-login
我也在研究类似的单点登录系统,仍在努力寻找解决方案,但这里是一个开始http://laravel.io/forum/03-14-2014-multiple-domains-how-to -共享登录
On laravel you can change the /app/config/session.php driver to cookie
在 Laravel 上,您可以将 /app/config/session.php 驱动程序更改为 cookie
Edit:
编辑:
This is what I have done.
这就是我所做的。
You can share cookie accross domains using pixel images. For example when you login on domain1.com you want to create a cookie on domain2.com, right after login on domain1.com you need to have something like this
您可以使用像素图像跨域共享 cookie。例如,当您登录 domain1.com 时,您想在 domain2.com 上创建一个 cookie,在登录 domain1.com 后,您需要有这样的东西
<img src="http://www.domain2.com/create-cookie?param=hash">
on domain2.com the route above:
在 domain2.com 上面的路线:
- will check first if a user is logged in
- if its not logged in will read the hash (for example email address), check if there is a user with that email, and login it there, also set a cookie
- 将首先检查用户是否登录
- 如果它没有登录将读取哈希值(例如电子邮件地址),检查是否有用户使用该电子邮件,然后在那里登录,同时设置一个 cookie
回答by DfKimera
You can manually set which domain the session cookies will be registered, and thus have them persist across different sites. Just edit config/session.php, in the following section:
您可以手动设置会话 cookie 将注册到哪个域,从而让它们在不同的站点之间保持不变。只需config/session.php在以下部分编辑:
<?php
/*
|--------------------------------------------------------------------------
| Session Cookie Domain
|--------------------------------------------------------------------------
|
| Here you may change the domain of the cookie used to identify a session
| in your application. This will determine which domains the cookie is
| available to in your application. A sensible default has been set.
|
*/
'domain' => null,
?>
You're still restricted to a single top-level domain, though. So you can have store1.shops.comand store2.shops.comsharing sessions, but not myshop.comand shopsmart.com.
不过,您仍然仅限于一个顶级域。所以你可以拥有store1.shops.com和store2.shops.com共享会话,但不能myshop.com和shopsmart.com。
If you need something in this format, you'll probably fare better by creating an authentication service, and using access tokens to validate the credentials. You might also give a look at services like OneLogin.
如果您需要这种格式的东西,通过创建身份验证服务并使用访问令牌来验证凭据,您可能会做得更好。您还可以看看OneLogin 之类的服务。
