After the user logs in, the user information is stored in Redis, and a token value is generated at the same time. When the user clicks on other interfaces, the token value is carried and the login status is displayed. How should this be implemented in code? The code I wrote never works.
淡淡烟草味 2017-05-24 11:32:41
For single sign-on under the same first-level domain name on the PC side, you only need to work with cookies.
Of course, using tokens is the same as using cookies.
The principles are almost the same. I don't know why you can't get it working. Just check:
1. Can I get the token on the new page?
2. Can I check the user data in Redis based on the token?
3. If I can check the user data, are there any other questions?
阿神 2017-05-24 11:32:41
The main question is, how do you allow users to bring token information when they visit.
Use Redis to store it, and then verify it with the cookie value.
我想大声告诉你 2017-05-24 11:32:41
When users click on other pages, they bring the user's ID. When you generate the token, you use uid + salt or a more complex encryption algorithm to encrypt and generate the token. After receiving the user's ID, use the ID to encrypt and compare it with the token. If they match, you are logged in. (This is probably the effect you want to achieve?)
PHP中文网 2017-05-24 11:32:41
Wait a minute: besides the token issue, for single sign-on you also have to consider how site B gets the generated information directly when you open it after logging in to site A. In fact, the cookies and sessions of different sites are separate and cannot be read across sites. I have seen what ucenter does: after login at A, it initiates HTTP requests through JS to all of its sibling sites, which is equivalent to passing the token to all sites for login operations. Each site then generates its own session and cookie.
PHP中文网 2017-05-24 11:32:41
The token actually replaces the password: user_id=xxx&token=xxxx. Query the login information by user ID and compare whether the queried token is consistent with the token parameter.
The solution I thought of for single sign-on
For example
User center passport.test.com
Payment center pay.test.com
In passport.test.com
Set the P3P header: header("P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR");
Encrypt the user's login information and write it into the cookie
Get the cookie information from pay.test.com and send it to the passport.test.com interface to verify the login information
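
The flow asked about in the question, as an added example that is not part of any post in this thread: passport.test.com issues a random token, stores the user under it with an expiry, and any *.test.com site resolves the cookie value back to the user. ArrayStore is a hypothetical in-memory stand-in for Redis so the script runs offline; the cookie name sso_token, the sso: key prefix, the 30-minute TTL and the sample user are assumptions.

```php
<?php
// Hypothetical in-memory stand-in for Redis. With phpredis the matching calls
// are $redis->setex($key, $ttl, $value), $redis->get($key) (which returns
// false rather than null on a miss) and $redis->del($key).
final class ArrayStore {
    private array $data = [];
    public function setex(string $k, int $ttl, string $v): void { $this->data[$k] = [$v, time() + $ttl]; }
    public function get(string $k): ?string {
        if (!isset($this->data[$k]) || $this->data[$k][1] < time()) return null;
        return $this->data[$k][0];
    }
    public function del(string $k): void { unset($this->data[$k]); }
}

const SESSION_TTL = 1800; // seconds; assumed value

// Only a hash of the token is used as the store key (an added hardening choice),
// so reading the store does not reveal usable cookie values.
function storeKey(string $token): string { return 'sso:' . hash('sha256', $token); }

// passport.test.com, after the password check has succeeded.
function issueToken(ArrayStore $store, array $user): string {
    $token = bin2hex(random_bytes(32)); // 64 hex chars from the CSPRNG, unrelated to the uid
    $store->setex(storeKey($token), SESSION_TTL, json_encode($user));
    return $token;
}

// Cookie attributes that let pay.test.com receive the same cookie.
function cookieOptions(): array {
    return ['expires' => time() + SESSION_TTL, 'path' => '/', 'domain' => '.test.com',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
}

// Any *.test.com site: map the cookie value to the stored user, or null.
function currentUser(ArrayStore $store, ?string $token): ?array {
    if ($token === null || !preg_match('/\A[0-9a-f]{64}\z/', $token)) return null;
    $json = $store->get(storeKey($token));
    return $json === null ? null : json_decode($json, true);
}

$store = new ArrayStore();
$token = issueToken($store, ['uid' => 42, 'name' => 'alice']); // constructed user
// In a real response: setcookie('sso_token', $token, cookieOptions());
// In a later request:  currentUser($store, $_COOKIE['sso_token'] ?? null);
var_dump(currentUser($store, $token));              // lookup with the issued token
var_dump(currentUser($store, str_repeat('0', 64))); // lookup with a token never issued
$store->del(storeKey($token));                      // logout removes the server-side entry
var_dump(currentUser($store, $token));              // same token after logout
```

Because the login state lives in the store, deleting the key logs the user out on every subdomain at once, whatever cookies the browser still holds.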