There is absolutely no way for domain.com to set a cookie for domain1.com. What you are attempting to do can only be solved by getting the user's browser to submit requests to each domain which will then set its own cookie.

domain.com 绝对没有办法为 domain1.com 设置 cookie。您尝试做的事情只能通过让用户的浏览器向每个域提交请求来解决，然后每个域将设置自己的 cookie。

Then you need a way for each domain to verify the user's identity. There are two approaches to this:

然后您需要一种方法来为每个域验证用户的身份。对此有两种方法：

1. Back channel - the sites contact each other directly to determine if a user is logged in.
2. Passing a token in the GET or POST - when the user's broweser is redirected to the other site a digitally signed parameter is passed containing the identity and session status.

1. 反向通道 - 站点直接相互联系以确定用户是否已登录。
2. 在 GET 或 POST 中传递令牌 - 当用户的浏览器被重定向到另一个站点时，将传递一个包含身份和会话状态的数字签名参数。

It's really quite complicated. I suggest you don't roll your own. Take a look at SimpleSAMLPHPfor a PHP implementation of what I'm describing.

这真的很复杂。我建议你不要自己动手。查看SimpleSAMLPHP以获得我所描述的 PHP 实现。

This can be done via one domain acting like a master and others like a slave.

这可以通过一个域充当主机而其他域充当从机来完成。

Say we've got a domain accounts.domain.com and it's our master.

假设我们有一个域accounts.domain.com，它是我们的主人。

Then we've got our slaves domain.com, something.comand another.com

然后，我们有我们的奴隶domain.com，something.com和another.com

When you'll log on on domain.com, it'll be actually site accounts.domain.com, then you'll get a cookie with unique ID for your browser and then you'll be redirected to domain.com's post-logon landing page (ie. domain.com/logon?check=true&unique-id=<browser unique id>&request-id=<unique request ID>). the landing page will contact the accounts.domain.com, querying it with the browser ID. If the transaction's okay, then you'll get logon cookie from domain.com.

当您登录 domain.com 时，它实际上是 site accounts.domain.com，然后您将获得一个带有浏览器唯一 ID 的 cookie，然后您将被重定向到 domain.com 的登录后登录页面（即domain.com/logon?check=true&unique-id=<browser unique id>&request-id=<unique request ID>）。登陆页面将联系accounts.domain.com，使用浏览器 ID 查询它。如果交易没问题，那么您将从domain.com.

Next, on every domain (domain.com, something.comand another.com) will be initial redirect to accounts.domain.com/roaming-check?return-url=<URL the redirect was initiated from>. Because we're returning home (we're logged already on accounts.domain.com), we'll be redirected again on our landing page (<domain name>.com/logon?check=true&unique-id=<browser unique id>&request-id=<unique request ID>) and from this point it's the same as the part with logging on. We're seamlessly roamed to another domain (without user knowing it as browsers doesn't usually show the redirected page until it passed the headers send(server)/receive(browser) section).

接下来，在每个域 ( domain.com,something.com和another.com) 上将初始重定向到accounts.domain.com/roaming-check?return-url=<URL the redirect was initiated from>. 因为我们要回家（我们已经登录accounts.domain.com），我们将再次重定向到我们的登录页面 ( <domain name>.com/logon?check=true&unique-id=<browser unique id>&request-id=<unique request ID>)，从这一点开始，它与登录部分相同。我们无缝漫游到另一个域（用户不知道它，因为浏览器通常不会显示重定向的页面，直到它通过标头发送（服务器）/接收（浏览器）部分）。

In case there's in fact no active logon, the site will save this "negative logon" to session and not try to check logon anymore (until we try to logon or load another domain).

如果实际上没有活动登录，站点会将此“否定登录”保存到会话中，并且不再尝试检查登录（直到我们尝试登录或加载另一个域）。

What you're attempting can't be done. (It's a browser security issue, not a PHP one.)

你正在尝试的事情无法完成。（这是浏览器安全问题，而不是 PHP 问题。）

Other than using some form of off-site authentication, the nearest you can achieve is making a cookie accessible across sub-domains, in which case you just use the optional 'domain' arg of PHP's set_cookiefunction.

除了使用某种形式的场外身份验证之外，您可以实现的最接近的是使 cookie 可跨子域访问，在这种情况下，您只需使用 PHP 的set_cookie函数的可选“域”参数。

I think this solution will suit your needs: "Simple Single Sign-On for PHP"

我认为此解决方案将满足您的需求：“ PHP 的简单单点登录”