PHP实现跨域名Cookie_PHP-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

PHP实现跨域名Cookie_PHP

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 01, 2016 pm 12:34 PM

cookievariabledomain nameaccomplish

Cookie真是一个伟大的发明，它允许web开发者保留他们的用户的登录状态。然而，当你的站点或网络
有一个以上的域名时就会出现问题了。

　　在Cookie规范上说，一个cookie只能用于一个域名，不能够发给其它的域名。因此，如果在浏览器中对
一个域名设置了一个cookie，这个cookie对于其它的域名将无效。如果你想让你的用户从你的站点中的其中
一个进行登录，同时也可以在其它域名上进行登录，这可真是一个大难题。

　　我的解决方案将使用下面的一般框架：

一个预置的脚本将用来接受通过GET或COOKIE方式传递过来的sessionid号。它将比COOKIE优先选择GET
变量。所以，无论何时需要引用交叉的域名时，我们把sessionid做为一个URL参数进行发送。
修改Apache配置，用来实现重写所有的交叉域名的cookie。这样做的原因一会儿就会清楚了。
在任何时候出现一个交叉域名引用时使用变量。
第一步：创建预置脚本
　　将下面的代码加到预置脚本中(或出现在所有脚本之前的函数中)。

<font color="#000000">
<font color="#0000BB"></font><font color="#007700"></font><font color="#0000BB">php <br><br></font><font color="#FF8000">/* 支持交叉域名cookie... */ <br><br>// 如果GET变量已经设置了，并且它与cookie变量不同 <br>//则使用get变量(更新cookie) <br></font><font color="#007700">global </font><font color="#0000BB">＄HTTP_COOKIE_VARS</font><font color="#007700">, </font><font color="#0000BB">＄HTTP_GET_VARS</font><font color="#007700">; <br>if (isset(</font><font color="#0000BB">＄sessionid</font><font color="#007700">) && isset(</font><font color="#0000BB">＄HTTP_GET_VARS</font><font color="#007700">['</font><font color="#0000BB">sessionid</font><font color="#007700">\'</font><font color="#0000BB">]) && (＄HTTP_COOKIE_VARS[</font><font color="#007700">\'</font><font color="#0000BB">sessionid</font><font color="#007700">\'</font><font color="#0000BB">] != ＄HTTP_GET_VARS[</font><font color="#007700">\'</font><font color="#0000BB">sessionid</font><font color="#007700">\'</font><font color="#0000BB">])) { <br>SetCookie(</font><font color="#007700">\'</font><font color="#0000BB">sessionid</font><font color="#007700">\'</font><font color="#0000BB">, ＄HTTP_GET_VARS[</font><font color="#007700">\'</font><font color="#0000BB">sessionid</font><font color="#007700">\'</font><font color="#0000BB">], 0, </font><font color="#007700">\'</font><font color="#0000BB">/</font><font color="#007700">\'</font><font color="#0000BB">, </font><font color="#007700">\'\'</font><font color="#0000BB">); <br>＄HTTP_COOKIE_VARS[</font><font color="#007700">\'</font><font color="#0000BB">sessionid</font><font color="#007700">\'</font><font color="#0000BB">] = ＄HTTP_GET_VARS[</font><font color="#007700">\'</font><font color="#0000BB">sessionid</font><font color="#007700">\'</font><font color="#0000BB">]; <br>＄sessionid = ＄HTTP_GET_VARS[</font><font color="#007700">\'</font><font color="#0000BB">sessionid</font><font color="#007700">\'</font><font color="#0000BB">]; <br>} <br><br>?></font>
</font>

　　一旦这个代码运行之后，一个全局的\'sessionid\'变量将可以用于脚本。它将保存着用户的cookie中的
sessionid值，或者是通过GET请求发来的sessionid值。

第二步：为所有的交叉域名引用使用变量
　　创建一个全局的配置文件，用于存放可以进行切换的域名的基本引用形式。例如，如果我们拥有
domain1.com和domain2.com，则如下设置：

<font color="#000000">
<font color="#0000BB"></font><font color="#007700"></font><font color="#0000BB">php <br><br>＄domains</font><font color="#007700">['</font><font color="#0000BB">domain1</font><font color="#007700">\'</font><font color="#0000BB">] = "http://www.domain1.com/-＄sessionid-"; <br>＄domains[</font><font color="#007700">\'</font><font color="#0000BB">domain2</font><font color="#007700">\'</font><font color="#0000BB">] = "http://www.domain2.com/-＄sessionid-"; <br><br>?></font>
</font>

　　现在，如果在代码中如下做：

<font color="#000000">
<font color="#0000BB"></font><font color="#007700"></font><font color="#0000BB">php <br><br></font><font color="#007700">echo </font><font color="#DD0000">"Click <a href="%5C%22%22</font"><font color="#007700">, </font><font color="#0000BB">＄domains</font><font color="#007700">['</font><font color="#0000BB">domain2</font><font color="#007700">\'</font><font color="#0000BB">], "/contact/?email=yes\">here</font></a> to contact us."; <br><br>?></font>
</font>

　　你将产生如下的输出：

Click here
to contact us.

　　在这里sessionid已经被插入到URL中去了。

　　在这个地方，你可能会想"这样可能会在web服务器上打开名为横线，sessionid，横线的子目录?!?!?"。
然而，下面的步骤将提供一个必需的戏法，以便让它能够使用!

第三步：配置Apache
　　现在，剩下的步骤就是配置apache来重写这个URL：

http://www.domain2.com/-66543afe6543asdf6asd-/contact/
　　变成这样：

http://www.domain2.com/contact/?sessionid=66543afe6543asdf6asd
　　并且这种url：

http://www.domain2.com/-66543afe6543asdf6asd-/contact/?email=yes
　　变成这样：

http://www.domain2.com/contact/?email=yes&sessionid=66543afe6543asdf6asd
　　为了实现它，简单地配置两个虚拟服务器，作为domain1和domain2，如下操作：

DocumentRoot /usr/local/www/domain1
ServerName www.domain1.com
RewriteEngine on
RewriteRule ^/-(.*)-(.*\?.*)＄＄2&sessionid=＄1 [L,R,QSA]
RewriteRule ^/-(.*)-(.*)＄＄2?sessionid=＄1 [L,R,QSA]

DocumentRoot /usr/local/www/domain2
ServerName www.domain2.com
RewriteEngine on
RewriteRule ^/-(.*)-(.*\?.*)＄＄2&sessionid=＄1 [L,R,QSA]
RewriteRule ^/-(.*)-(.*)＄＄2?sessionid=＄1 [L,R,QSA]

　　这些重写的规则实现了上面两个URL重写的要求。

结论
　　通过使用变量结合与apache的重写功能，交叉域名cookie可以以一种简单的方式实现。想要维护这样的
系统，无论什么时候链接交叉域名，在使用域名变量之外，什么也不用作了！在域名内部的链接不需要进行
修改，因为cookie会工作正常。

　　如果你有兴趣看一下在生产网络中实际运作中的系统，请参观http://www.familyhealth.com.au/。在
一些交叉域名链接上移动你的鼠标，并且看一下当你点击后它们是如何被重写的。

　　也许，使用这个技术唯一的问题就是无法删除在用户浏览器中的全部域名下的cookie。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How does PHP type hinting work, including scalar types, return types, union types, and nullable types?Apr 17, 2025 am 12:25 AM

PHP type prompts to improve code quality and readability. 1) Scalar type tips: Since PHP7.0, basic data types are allowed to be specified in function parameters, such as int, float, etc. 2) Return type prompt: Ensure the consistency of the function return value type. 3) Union type prompt: Since PHP8.0, multiple types are allowed to be specified in function parameters or return values. 4) Nullable type prompt: Allows to include null values and handle functions that may return null values.

How does PHP handle object cloning (clone keyword) and the __clone magic method?Apr 17, 2025 am 12:24 AM

In PHP, use the clone keyword to create a copy of the object and customize the cloning behavior through the \_\_clone magic method. 1. Use the clone keyword to make a shallow copy, cloning the object's properties but not the object's properties. 2. The \_\_clone method can deeply copy nested objects to avoid shallow copying problems. 3. Pay attention to avoid circular references and performance problems in cloning, and optimize cloning operations to improve efficiency.

PHP vs. Python: Use Cases and ApplicationsApr 17, 2025 am 12:23 AM

PHP is suitable for web development and content management systems, and Python is suitable for data science, machine learning and automation scripts. 1.PHP performs well in building fast and scalable websites and applications and is commonly used in CMS such as WordPress. 2. Python has performed outstandingly in the fields of data science and machine learning, with rich libraries such as NumPy and TensorFlow.

Describe different HTTP caching headers (e.g., Cache-Control, ETag, Last-Modified).Apr 17, 2025 am 12:22 AM

Key players in HTTP cache headers include Cache-Control, ETag, and Last-Modified. 1.Cache-Control is used to control caching policies. Example: Cache-Control:max-age=3600,public. 2. ETag verifies resource changes through unique identifiers, example: ETag: "686897696a7c876b7e". 3.Last-Modified indicates the resource's last modification time, example: Last-Modified:Wed,21Oct201507:28:00GMT.

Explain secure password hashing in PHP (e.g., password_hash, password_verify). Why not use MD5 or SHA1?Apr 17, 2025 am 12:06 AM

In PHP, password_hash and password_verify functions should be used to implement secure password hashing, and MD5 or SHA1 should not be used. 1) password_hash generates a hash containing salt values to enhance security. 2) Password_verify verify password and ensure security by comparing hash values. 3) MD5 and SHA1 are vulnerable and lack salt values, and are not suitable for modern password security.

PHP: An Introduction to the Server-Side Scripting LanguageApr 16, 2025 am 12:18 AM

PHP is a server-side scripting language used for dynamic web development and server-side applications. 1.PHP is an interpreted language that does not require compilation and is suitable for rapid development. 2. PHP code is embedded in HTML, making it easy to develop web pages. 3. PHP processes server-side logic, generates HTML output, and supports user interaction and data processing. 4. PHP can interact with the database, process form submission, and execute server-side tasks.

PHP and the Web: Exploring its Long-Term ImpactApr 16, 2025 am 12:17 AM

PHP has shaped the network over the past few decades and will continue to play an important role in web development. 1) PHP originated in 1994 and has become the first choice for developers due to its ease of use and seamless integration with MySQL. 2) Its core functions include generating dynamic content and integrating with the database, allowing the website to be updated in real time and displayed in personalized manner. 3) The wide application and ecosystem of PHP have driven its long-term impact, but it also faces version updates and security challenges. 4) Performance improvements in recent years, such as the release of PHP7, enable it to compete with modern languages. 5) In the future, PHP needs to deal with new challenges such as containerization and microservices, but its flexibility and active community make it adaptable.

Why Use PHP? Advantages and Benefits ExplainedApr 16, 2025 am 12:16 AM

The core benefits of PHP include ease of learning, strong web development support, rich libraries and frameworks, high performance and scalability, cross-platform compatibility, and cost-effectiveness. 1) Easy to learn and use, suitable for beginners; 2) Good integration with web servers and supports multiple databases; 3) Have powerful frameworks such as Laravel; 4) High performance can be achieved through optimization; 5) Support multiple operating systems; 6) Open source to reduce development costs.

See all articles