Session multi-terminal login, how to share?

For example, I logged into my Baidu account. When I entered Tieba, I found that I was already logged in. When I entered Nuomi, I found that I was also logged in automatically

For another example, I logged into Taobao, opened Alipay, and found that Alipay was also logged in, entered Tmall and found that Tmall was also logged in, and exited Tmall, and found that Taobao has also logged out (but Alipay does not seem to be affected)

You also have to log in to Meituan, and then enter Meituan Food Delivery and find that you have also logged in. How do you do this?

It feels like their accounts are universal, such as NetEase Pass, Baidu Pass, and login sessions between applications. Can they be shared? Tieba is a second-level domain name. The cookies of PHPSESSION cannot be cross-domain. Even if the same domain name is OK, then nuomi. How can com do this? It’s really evil.

I remember that Discuz used to have a UCenter Home, was that just for this purpose?

What is this knowledge point called? Multiple login points? Multiple logins? Session sharing?

How to do it specifically? In this case, SESSION should not exist in the file. What problems will there be if you use redis, memcached, or something else? It can realize multi-terminal login and monitor the login device at any time, like QQ Security Center ?

Currently, my project uses sessions saved in files. Multiple applications also use the same account, which is equivalent to the pass mode. However, different applications use different session prefixes when logging in, so each time they need to log in separately, it is There is a server, and session loss often occurs, and inexplicable automatic logout problems occur. There is no way to monitor user login status, which feels bad.

Please give me some guidance and let me know the key knowledge points. Can I look for information again?

Reply content:

For example, I logged into my Baidu account. When I entered Tieba, I found that I was already logged in. When I entered Nuomi, I found that I was also logged in automatically

For another example, I logged into Taobao, opened Alipay, and found that Alipay was also logged in, entered Tmall and found that Tmall was also logged in, and exited Tmall, and found that Taobao has also logged out (but Alipay does not seem to be affected)

You also have to log in to Meituan, and then enter Meituan Food Delivery and find that you have also logged in. How do you do this?

It feels like their accounts are universal, such as NetEase Pass, Baidu Pass, and login sessions between applications. Can they be shared? Tieba is a second-level domain name. The cookies of PHPSESSION cannot be cross-domain. Even if the unified domain name is OK, then nuomi. How can com do this? It’s really evil.

I remember that Discuz used to have a UCenter Home, was that just for this purpose?

What is this knowledge point called? Multiple login points? Multiple logins? Session sharing?

How to do it specifically? In this case, SESSION should not exist in the file. What problems will there be if you use redis, memcached, or something else? It can realize multi-terminal login and monitor the login device at any time, like QQ Security Center ?

Currently, my project uses sessions saved in files. Multiple applications also use the same account, which is equivalent to the pass mode. However, different applications use different session prefixes when logging in, so each time they need to log in separately, it is It exists on a server, and session loss often occurs, and inexplicable automatic logout problems occur. There is no way to monitor user login status, which feels bad.

Please give me some guidance and let me know the key knowledge points. Can I look for information again?

First of all, I would like to remind you not to be frightened by new technologies, and do not check SSO (Single Sign On). This will only increase the complexity of your problem and your fear of this problem. In fact, It's really not that difficult.

---

Let me help you break down the problem. The Session multi-terminal login you mentioned can actually be broken down into Session shared login. It is not an advanced thing. It is nothing more than the required Session value when different servers have different domain names. It is accessible and allows everyone to read the same Session value. The important thing is the same session_id() value. In this case, each (server/project) reads the same data. Since they all read the same data (especially the same session_id() value), then we can use this identifier to make different Users display different content, and the problem of multiple logins is solved

(To simplify the problem, logging in is a special process for users. From the perspective of us developers, it is nothing more than letting different people read different data, and we only need to obtain That login identifier will do).

In other words, the key technical points of session sharing lie in two points:

1. Let the client access the same sessionId,
2. The location of the Session data accessed by servers corresponding to all domain names must be consistent

The following focuses on the implementation. Session sharing is more complicated than cookie sharing because there are relatively many situations. There are about four situations

The same server has the same domain name, the same server has different domain names, different servers have the same domain name, and different servers have different domain names.

Implementation of the same server and the same domain name (different subdomain names):

The implementation is relatively simple. Just find an online demo (picture intrusion and deletion) and follow the following code to implement it.

Implementation of different domain names on the same server:

In this case, we once again clarify the key technical points to achieve session sharing, the same sessionId, the same data source.
If you have different domain names, you must first cross-domain the cookie ('PHPSESSID'), and then use this sessionid value to obtain the corresponding data from the MySQL database or Nosql, thus realizing session sharing with different domain names on the same server.
The first is cookie cross-domain:

Then there is Redis data sharing. The key is session_id and the value is the data that needs to be shared. Redis cluster technology is used. The example is too complicated. If you are interested, you can directly go to the article to view: redis cluster cluster installation and configuration details

Implementation of the same domain name on different servers:

This situation is similar to , but in this case there is no need to consider the issue of cookie cross-domain, so just focus on data sharing, the same as above , the key is sessio_id, the value is the specific data value, refer to the article above for detailed explanation of redis cluster cluster installation and configuration.

Implementation of different server names and different domain names:

This situation and Graph visit also have to achieve two goals, the same sessionId,Same data source. If the domain name is different, you must first cross-domain the cookie ('PHPSESSID'), and then use this sessionid value to obtain the corresponding data from the MySQL database or Nosql, thus realizing session sharing with different domain names on the same server.
The first is cookie cross-domain:

Then there is Redis data sharing. The key is session_id and the value is the data that needs to be shared. Redis cluster technology is used. The example is too complicated. If you are interested, you can directly go to the article to view: redis cluster cluster installation and configuration detailed explanation.

We found that the solutions in the four cases are similar, the second case and the fourth case is basically the same. The core idea is to solve two root problems. Everyone needs to get the same session_id, and there is a shared data source that everyone needs to get.

After understanding these two points, SSO shared by Session will be a matter of course.
If you have any questions, you can ask directly in the comment area and I will answer immediately.

If it is the same domain name, you can actually set COOKIE. If it is a different domain name, it is the SSO and single sign-on mentioned above. This should not share the session, but only share the login status. . Only load balancing can share sessions

1. Overview
Session multi-end login is to maintain session consistency. Since the session is unique, to maintain the uniqueness of the session, you can store the session in one place. When everyone retrieves the session, they will retrieve it from one place, thus maintaining the consistency of the session.
2. The method to implement session
is actually to store the session in one place so that everyone can access it. As for the others, they are all additional, and the principle is Jiang Zi. The general implementation methods are:
1) nfs file sharing system, allowing different projects to access the same shared file.
2) Stored in mysql.
3) Stored in in-memory database, such as redis, memcache, etc.
4) Cookie-based sharing. This requires unified domain names.
3. Regarding redis session sharing, others are similar
1) There is a session storage address stored in php.ini. You can change the session address to the address where redis stores the session. session.save_path
But generally this kind of server will have access control. So you can refer to the second method
2) Rewrite the session and change the storage path of the session through PHP code. PHP has related session rewritten classes.

Thank you for the invitation
Using single sign-on SSO, you can use the same login system for several sub-websites and the main website. For example, CSDN webmasters in China do this.
You need to consider redis if you store the login information and token in redis. Hit rate problem

That is SSO, single sign-on

Use cas single sign-in open source framework, support php,.net,java

Single sign-on SSO, you can check the relevant information of CAS.
You can read this blogger’s article: http://denger.iteye.com/category/161641

Single Sign-On SSO