

Further optimize Yii2 cross-domain SSO login

WBOY
2016-07-29 08:52:07


Preface

This article is mainly an improvement on "How Yii2 implements cross-domain SSO login analysis". That article already covered the basic implementation of SSO login; this one optimizes it further. There are two main optimization points:

1. When a user who is logged in on www.XXX.com enters login.XXX.com in the address bar, they are returned to the login page but not logged out; when they then enter www.XXX.com, they return to the www.XXX.com page and remain logged in.
2. Modify the expiration time of the session and set it to a maximum value.

Requirement Analysis

1. Entering login.XXX.com only returns the user to the login interface; it does not log them out. The session and cookie values are still saved.
2. Achieve permanent login status. As long as you don't click to log out, you remain logged in.

Code analysis

1. Modify the Login method of the login module's SiteController.php
1.1. Code before modification

<code>public function actionLogin()
        {   
            $URL=Yii::$app->request->get('redirectURL');  
            $model = new LoginForm();
            if (!\Yii::$app->user->isGuest) { 
                $this->actionLogout(); // log out
                return $this->redirect('http://'.DOMAIN_LOGIN.'?redirectURL=http://'.DOMAIN_HOME);
            } 
        
            if ($model->load(Yii::$app->request->post()) && $model->login()) {
                if(empty($URL)){
                    return $this->redirect('http://'.DOMAIN_HOME,301);
                }else{
                    return $this->redirect($URL,301);
                }           
                // return $this->goBack();
            } else { 
                return $this->renderPartial('login', [
                    'model' => $model,
                ]);
            }
        }</code>

1.2. Code after modification

<code> public function actionLogin()
    {  
        $URL=Yii::$app->request->get('redirectURL');  
        $URL1='http://'.DOMAIN_CRM;
        $URL2='http://'.DOMAIN_HR;
        $URL3='http://'.DOMAIN_ADMIN;
        $URL4='http://'.DOMAIN_OA;
       
        $redirectURL1='http://'.DOMAIN_LOGIN.'?redirectURL=http://'.DOMAIN_CRM;
        $redirectURL2='http://'.DOMAIN_LOGIN.'?redirectURL=http://'.DOMAIN_HR;
        $redirectURL3='http://'.DOMAIN_LOGIN.'?redirectURL=http://'.DOMAIN_ADMIN;
        $redirectURL4='http://'.DOMAIN_LOGIN.'?redirectURL=http://'.DOMAIN_OA;
        $model = new LoginForm();

        // Check whether the user is already logged in (not a guest means logged in)
        if (!\Yii::$app->user->isGuest) { 
           if(!empty($URL)){
                $this->actionLogout(); // log out
                if($URL==$URL2){
                    return $this->redirect($redirectURL2);
                }elseif($URL==$URL3){
                    return $this->redirect($redirectURL3);
                }
                if($URL==$URL4){
                    return $this->redirect($redirectURL4);
                }
                return $this->redirect($redirectURL1);

           }else{
                // No redirectURL: handle the form submission
                if(DOMAIN_LOGIN){   
                   if ($model->load(Yii::$app->request->post()) && $model->login()) {
                        if(empty($URL)){ 
                            return $this->redirect($URL1,301);             
                        }else{
                            if($URL==$URL2){
                                return $this->redirect($URL2,301);
                            }elseif($URL==$URL3){
                                return $this->redirect($URL3,301);
                            }
                            if($URL==$URL4){
                                return $this->redirect($URL4,301);
                            }
                            return $this->redirect($URL1,301);
                        }           
                    } else { 
                        return $this->renderPartial('login', [
                            'model' => $model,
                        ]);
                    }
                }else{ 
                    return $this->goHome(); // The main difference from the previous code is here: when logged in, send the user back to the login page.
                }  
           }  
        } else { 
            // Not logged in: handle the form submission (redirectURL may be set)
            if ($model->load(Yii::$app->request->post()) && $model->login()) {
                if(empty($URL)){ 
                    return $this->redirect($URL1,301);             
                }else{
                    if($URL==$URL2){
                        return $this->redirect($URL2,301);
                    }elseif($URL==$URL3){
                        return $this->redirect($URL3,301);
                    }
                    if($URL==$URL4){
                        return $this->redirect($URL4,301);
                    }
                    return $this->redirect($URL1,301);
                }           
            } else { 
                return $this->renderPartial('login', [
                    'model' => $model,
                ]);
            }
        }
    }</code>
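
The modified action only redirects to a fixed set of sub-site URLs, whereas the earlier version passed `redirectURL` straight to `redirect()`. The same allowlist check written once, as an added example that is not the author's code: the helper names `resolveRedirect` and `loginUrlFor` are hypothetical, and the domain values are constructed placeholders.

```php
<?php
// Added example, not the article's code. Domain values are constructed placeholders.
const DOMAIN_LOGIN = 'login.example.test';
const DOMAIN_CRM   = 'crm.example.test';
const DOMAIN_HR    = 'hr.example.test';
const DOMAIN_ADMIN = 'admin.example.test';
const DOMAIN_OA    = 'oa.example.test';

/**
 * Hypothetical helper: map the untrusted redirectURL parameter onto one of the
 * known sub-site URLs, falling back to the CRM site as the article's code does.
 */
function resolveRedirect($requested): string
{
    $allowed = [];
    foreach ([DOMAIN_CRM, DOMAIN_HR, DOMAIN_ADMIN, DOMAIN_OA] as $domain) {
        $allowed[] = 'http://' . $domain;
    }
    // Query parameters can arrive as arrays (redirectURL[]=...); accept strings only,
    // and compare strictly against the complete URL rather than a prefix.
    if (is_string($requested) && in_array($requested, $allowed, true)) {
        return $requested;
    }
    return $allowed[0]; // default: http://DOMAIN_CRM
}

/** Hypothetical helper: the login-page URL that carries the validated target. */
function loginUrlFor($requested): string
{
    return 'http://' . DOMAIN_LOGIN . '?redirectURL=' . rawurlencode(resolveRedirect($requested));
}

// Constructed inputs: one allowed target and four inputs that must fall back to the default.
$samples = [
    'http://hr.example.test',
    'http://hr.example.test.other-site.invalid',
    '//other-site.invalid/',
    ['http://oa.example.test'],
    null,
];
foreach ($samples as $sample) {
    echo json_encode($sample, JSON_UNESCAPED_SLASHES), ' => ', resolveRedirect($sample), PHP_EOL;
}
echo loginUrlFor('http://admin.example.test'), PHP_EOL;
```

In the controller this would be used as `return $this->redirect(resolveRedirect($URL));`. Yii's `redirect()` defaults to status 302, which suits a post-login redirect better than a cacheable 301.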

2. Modify the expiration time of the session and set it to a maximum value.
common/config/main.php
2.1. Code before modification

<code>'session' => [           
            'cookieParams' => ['domain' => '.' . DOMAIN, 'lifetime' => 0],            
            'timeout' => 3600,
        ],</code>

2.2. Code after modification

<code>'session' => [           
            'cookieParams' => ['domain' => '.' . DOMAIN, 'lifetime' => 0],            
            'timeout' => 7200,
        ],</code>
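
What these two session settings control, next to Yii2's identity-cookie auto-login, as an added example that is not the author's configuration. The value of `DOMAIN`, the identity class and the 30-day duration are assumptions.

```php
<?php
// Added example, not the article's configuration; DOMAIN is a constructed placeholder.
const DOMAIN = 'example.test';

return [
    'components' => [
        'session' => [
            // lifetime 0: the session cookie is dropped when the browser closes.
            'cookieParams' => ['domain' => '.' . DOMAIN, 'lifetime' => 0],
            // timeout is written to session.gc_maxlifetime: after 7200 s (two hours)
            // without activity the server-side session data may be garbage-collected.
            'timeout' => 7200,
        ],
        'user' => [
            'identityClass' => 'common\models\User', // assumed: advanced-template default
            // Lets Yii restore the login from the identity cookie once the session is gone.
            'enableAutoLogin' => true,
            'identityCookie' => [
                'name' => '_identity',
                'httpOnly' => true,
                'domain' => '.' . DOMAIN, // shared across the sub-sites, like the session cookie
            ],
        ],
    ],
];

// In LoginForm::login() the identity cookie's lifetime is the second argument, in seconds:
//   Yii::$app->user->login($this->getUser(), 3600 * 24 * 30); // 30 days, constructed value
```

For the identity cookie to be accepted on every sub-site, the applications must share the same `cookieValidationKey` and identity class. A bounded duration keeps a copied cookie from remaining valid indefinitely.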

FAQ

1. Although the session expiration time has been set to a maximum value and the cookie has a value after a successful login, it will still log out after about two hours. Why is this? How can true permanent login be achieved in Yii2? I would like to ask the experts to explain. If I solve the problem in the future, I will continue to update this article so that we can make progress together.

Related information

Yii2 cross-domain login configuration example: http://www.kuitao8.com/20150507/3735.shtml
How to use redirect in Yii2 to jump automatically to an external site: https://segmentfault.com/q/1010000002549004

That is the end of the article. If there are any shortcomings or better methods, everyone is welcome to propose them. Let's communicate and learn from each other.
