php 跨域保存会话变量
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14611545/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Preserving session variables across different domains
提问by etm124
I'm not sure if this is even possible.
我不确定这是否可能。
My company has their main site that accept credit cards and other payment information. They also have other sites that are directly related to events we host. For example our main site is something like:
我公司有他们的主要网站,接受信用卡和其他付款信息。他们还有其他与我们举办的活动直接相关的网站。例如我们的主站点是这样的:
But have another site specifically for an annual event:
但是有另一个专门用于年度活动的网站:
http://www.etm124annualgala.com
http://www.etm124annualgala.com
My 'event' site is handling registration and saves to our database, but our main site handles the credit card processing. With current purchases handled on the main website, sessions are used to pass data to the payment/cc screens.
我的“活动”站点正在处理注册并保存到我们的数据库中,但我们的主站点处理信用卡处理。通过在主网站上处理当前购买,会话用于将数据传递到支付/抄送屏幕。
Without having to change my payment code (to accept, say, $_GET parameters), shouldn't my $_SESSIONvariables be passing over?
无需更改我的付款代码(例如接受 $_GET 参数),我的$_SESSION变量不应该被传递吗?
Example:
例子:
$_SESSION['s_address1'] = $_POST['address1'];
$_SESSION['s_address2'] = $_POST['address2'];
$_SESSION['s_city'] = $_POST['city'];
$_SESSION['s_state'] = $_POST['state'];
$_SESSION['s_zip'] = $_POST['zip'];
header('Location: https://www.etm124biz.com/payment.php?oid=' . $oid . '&src=conf&id=' . $seq);
My payment.phppage looks for the address session variables above.
我的payment.php页面查找上面的地址会话变量。
回答by Jon
Cross-domain session ids
跨域会话 ID
Session ids are passed around using cookies by default. Since your websites are on different domains the session cookie does not transfer over, so that's one thing that prevents cross-domain sessions from working.
默认情况下,会话 ID 使用 cookie 传递。由于您的网站位于不同的域中,因此会话 cookie 不会转移,因此这是阻止跨域会话工作的一件事。
One technique to have the session ids transfer over is to append them to the query string of all your requests (PHP even has some degree of built-in support for this). However, this way of doing things has many drawbacks -- the most important being that people copy/paste URLs all the time, with all that implies about revealing valid and reusing invalid session ids -- and therefore is not recommended.
传输会话 ID 的一种技术是将它们附加到所有请求的查询字符串中(PHP 甚至对此有某种程度的内置支持)。然而,这种做事方式有很多缺点——最重要的是人们一直在复制/粘贴 URL,这意味着揭示有效和重用无效的会话 ID——因此不推荐。
A much better approach would be to use Javascript to make cross-domain requests across all of the interested domains (which would need to be cooperating in this of course). This way you can seamlessly transfer your session id across as many servers as you need to.
更好的方法是使用 Javascript 跨所有感兴趣的域发出跨域请求(当然这需要合作)。通过这种方式,您可以根据需要在任意数量的服务器上无缝传输会话 ID。
Shared session data
共享会话数据
Even if the cookie were not a problem, you would need to have the session data on some storage commonly accessible by all your servers. The default storage is the local filesystem, so again this is something that needs to change if you want cross-domain sessions.
即使 cookie 没有问题,您也需要将会话数据保存在所有服务器都可以访问的某个存储中。默认存储是本地文件系统,所以如果你想要跨域会话,这也是需要改变的。
A simple solution to this problem would be to use a custom session handlerthat stores the data on a database or other globally accessible store.
此问题的一个简单解决方案是使用自定义会话处理程序,将数据存储在数据库或其他可全局访问的存储中。
回答by Danilo Kobold
this question has the answer for ir.
这个问题有 ir 的答案。
and this question does explore the subject a lot.
这个问题确实对这个主题进行了很多探索。
回答by Airy
It's late to answer this question but as I have faced this problem and could not find the solution even after tens of hours and searching google, stackoverflow all over but yet no success. But now finally I have figured out the problem and the solution for it.
回答这个问题为时已晚,但由于我遇到了这个问题,即使经过数十个小时并在谷歌上搜索,stackoverflow 也找不到解决方案,但仍然没有成功。但现在我终于找到了问题及其解决方案。
SERVER SIDE
服务器端
For Cross-Domain PHP Sessions, we need to do following things
对于跨域 PHP Sessions,我们需要做以下事情
Step 1
第1步
First of all, we need to set these lines in .htAccessin our main domain where the php receives the request
首先,我们需要.htAccess在php接收请求的主域中设置这些行
SetEnvIf Origin ^(http?://m\.example\.com(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=
Header append Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN
Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header set Access-Control-Allow-Credentials true
Header set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
These above lines tells to allow requests from http://m.example.comonly. Note that I have set http. You can set httpsif you have SSL Connection.
以上这些行告诉仅允许来自http://m.example.com 的请求。请注意,我已经设置了http. 您可以设置https是否有 SSL 连接。
Step 2
第2步
You must allow PHP to share same sessions for different subdomains before session_start()
在此之前,您必须允许 PHP 为不同的子域共享相同的会话 session_start()
ini_set('session.cookie_domain', '.example.com');
session_start();
If you have access to php.inithen set it once there then you won't need to set above lines in your PHP Files.
如果您有权访问php.ini然后在那里设置一次,那么您将不需要在 PHP 文件中设置上面的行。
CLIENT SIDE
客户端
And last, you must tell the Browser to make request with Cross-Domain. As in JQuery
最后,您必须告诉浏览器使用Cross-Domain. 就像在 JQuery 中一样
$(document).ready(function()
{
$.ajaxSetup({
crossDomain: true,
xhrFields: {
withCredentials: true
}
});
});
