search

Home  >  Q&A  >  body text

javascript - Use redis to implement single sign-in

After the user logs in, the user information is stored in redis, and a token value is generated at the same time. When the user clicks on other interfaces, the token value is carried and the login status is displayed. How to implement the code? The code I wrote always cannot be implemented?

我想大声告诉你我想大声告诉你2775 days ago877

reply all(5)I'll reply

  • 淡淡烟草味

    淡淡烟草味2017-05-24 11:32:41

    Single sign-on under the same first-level domain name on the PC side only needs to operate cookies
    Of course, using tokens and cookies are the same.
    The principles are almost the same. I don’t know what’s wrong with you not being able to implement it. Just take a look Look,

    1. Can I get the token on the new page? 2. Can I check the user data in redis based on the token? 3. If I can check the user data, are there any other questions?

    reply
    0
  • 阿神

    阿神2017-05-24 11:32:41

    The main question is, how do you allow users to bring token information when they visit.
    Use Redis to store it, and then verify it with the cookie value.

    reply
    0
  • 我想大声告诉你

    我想大声告诉你2017-05-24 11:32:41

    When users click on other pages, they bring the user's ID. When you generate the token, you use uid salt or a more complex encryption algorithm to encrypt and generate the token. After receiving the user's ID, use the ID to encrypt and compare it with the token. If you agree, you are logged in. (This is probably the effect you want to achieve?)

    reply
    0
  • PHP中文网

    PHP中文网2017-05-24 11:32:41

    Wait a minute, in addition to considering the token issue for single sign-on, you have to consider how to get the generated information directly when you open site B when you log in to site A. In fact, the cookies and sessions of different sites are different and cannot be obtained. I have seen what ucenter does. After A logs in, he will initiate http requests through js to all his brother sites, which is equivalent to passing the token to all sites for login operations. Each site will generate sessions and cookies.

    reply
    0
  • PHP中文网

    PHP中文网2017-05-24 11:32:41

    Token actually replaces password user_id=xxx&token=xxxx. Query login information through user ID and compare whether the queried token is consistent with the parameter token

    The solution I thought of for single sign-on
    For example
    User center passport.test.com
    Payment center pay.test.com
    In passport.test.com
    Set p3p header("P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR");
    Encrypt the user's login information and write it into the cookie

    Get the cookie information from pay.test.com and send it to the passport.test.com interface to verify the login information

    reply
    0
  • Cancelreply