Introduction to the method of reading session across php cross-domain, cross-subdomain, and cross-server

ini_set('session.cookie_path', '/');
ini_set('session.cookie_domain', '.mydomain.com');
ini_set('session.cookie_lifetime', '1800');

2. Set in php.ini

session.cookie_path = /
session.cookie_domain = .mydomain.com
session.cookie_lifetime = 1800

3. Call the function at the beginning of the php page (same condition as 1)

session_set_cookie_params(1800, '/', '.mydomain.com');

These three methods have the same effect.

Here I use the first method to set up and test on two domain names: www.mydomain.com and sub.mydomain.com. sub1.php

//Set the page you visit first
ini_set('session.cookie_path', '/');
ini_set('session.cookie_domain', '.mydomain .com');
ini_set('session.cookie_lifetime', '1800');
//
session_set_cookie_params(1800, '/', '.mydomain.com');
session_start ();
$_SESSION['sub1'] = 'sub1';
print_r($_SESSION);
?>

sub2.php

session_set_cookie_params(1800, '/', '.mydomain.com');
session_start();
$_SESSION['sub2'] = 'sub2';
print_r($_SESSION );
?>

Access sequence: (1)www.mydomain.com/sub1.php Page output: Array ([sub1] => sub1)

(2)sub.mydomain.com/sub2.php Page output: Array ( [sub1] => sub1 [sub2] => sub2 )

Success

The second goal can be achieved by using a database to save SESSION data, so that each server can easily access the same data source and obtain the same SESSION data; or through file sharing, such as NFS (my other articles How to configure nfs) If you use a database to store session data, there may be remaining problems. That is, if the website has a large number of visits, SESSION reading and writing will frequently operate on the database. You can put this in memcache. Stored in the database, there are previous articles that have been implemented. The idea of ​​combining database and memcache has been discussed before. If it is not good to use memcache alone to store sessions, it is best to combine it with the database.

2) Cross-domain solution Idea: Use iframe to solve it, but ff does not support it, so you need to add the p3p protocol in front.

P3P (Platform for Privacy Preferences Project) is a protocol that declares it is a good guy and allows the collection of browser user behavior. But in reality, everyone can say that they are good people, and they may be doing bad things behind their backs. This is where the disagreement lies. [Reference] Most domestic websites do not pay attention to this P3P. Privacy issues may not be taken as seriously as foreign countries (Microsoft's privacy statement).

The first thing that comes to mind is to operate cookies through JS and allow cookies from two different domains to access each other, so that the above effect can be achieved.

The following is the specific implementation process, divided into two steps: 1. After successfully logging in under system A, use JS to dynamically create a hidden iframe, and use the src attribute of the iframe to redirect the cookie value under domain A as a get parameter to the b.jsp page under system B;

 var _frm = document.createElement("iframe");
 _frm.style.display="none";
 _frm.src = "http://bbs.it-home.org/setcookie.php ?mycookie=xxxxx";//The best encoding of xxx here is
 document.body.appendChild(_frm);

2. Get the information passed in system A in the setcookie.php page of system B Cookie value passed over, and the obtained value is written into the user's cookie. Of course, the domain is its own, so that cross-domain cookie access is simply realized; However, there is a problem that needs attention, that is, when browsing in IE This operation cannot be successful under the server. You need to set the P3P HTTP Header in the setokokie.php page (for specific details, please refer to: http://www.w3.org/P3P/). The P3P setting code is:

header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');//This is how ecshop is set up