Home >Backend Development >PHP Tutorial >Ideas for implementing SSO across main domains_PHP tutorial
The idea of implementing SSO across main domains
There are many ways to share SESSION data among multiple servers under the same main domain (ie: all subdomain names under the same first-level domain name), so I won’t go into details here!
The key issue now is the implementation of SSO in different main domains! This problem is relatively complex and can be implemented, but many of it is supported by some special software systems. . .
Actually, SESSION also needs COOKIE to support it. COOKIE does not support cross-main domain, which means that SESSION cannot cross main domain! So, how to achieve cross-main domain? ? ?
This is another simple method that suddenly came to my mind when I was implementing SSO in my project, for everyone to discuss
1. Assume that there are A.COM, B.COM, C Among the three main domains of .COM, A.COM is mainly responsible for verifying passes (faster), B.COM and C.COM are specific applications
2. B.COM and C.COM and Some of A.COM's own applications need to go to A.COM to gain trust (login)
3. Assign a subdomain passport.B.COM, passport.C.COM to each main domain, and their IPs All point to the host address where A.COM is located
4. After the user passes the login verification, set up a jump rule, using session_id as a parameter, to jump to passport.B.COM, passport.C.COM one by one ( In fact, these subdomains can be established to the default site of host A, and quick jumps can be achieved one by one through arrays and some parameters). The jumps can be made directly using PHP's header("Location: passport.B.COM/?sid=xxxxxxxx&i= 0"); , while jumping, just overwrite the session_id of the current main domain with the passed session_id.
Here are some considerations:
1. Allocating each passport. . .
2. Jumping on the same host can avoid errors in the intermediate jump link causing jump failure.
I have only tested it on the local simulated multi-master domain, and the effect is good; I have not tested it on the INTERNET network yet. Please try it when you have time and come up with a better SSO solution.. .