0

I would like to build a community page for a browser game community (the browser game is not mine, so I can not add any code). Now I would like to check on my website whether the user is logged in into the browser game. Only in that case the user should be able to see the content. Since you cannot read cookies, which were set on another domain, is there any possible way to achieve this?

4

2 回答 2

4

您可以使用 CAS 之类的东西。中央身份验证服务器,其中,当未为第一个域设置会话时,它将是这样的:

example.net

<?php
session_start();
if(!isset($_SESSION["user"]))
{
    header('Location: http://auth.example.com/?from=example.net');
    die();
}
// Rest of the content!
?>

对于域auth.example.com

<?php
session_start();
if(!isset($_SESSION["user"]))
{ ?>
    <!-- form to get login credentials -->
<?php } else {
     if(isset($_GET["from"]) && isset($_SESSION["user"]))
         header('Location: http://example.net/auth.php?authcode=' . yourEncryptFunction($_SESSION["user"]));
} ?>

希望这可以帮助!:)

于 2012-07-14T18:53:41.780 回答
0

如果您控制这两个域,则可以这样做。一种简单但不安全的方法是使用 JavaScript 来破坏同源策略。在浏览器游戏中运行一个简单的脚本,例如:

<?php
$info = array(
    'isLoggedIn' => $_SESSION['isLoggedIn'],
    'loggedInAs' => $_SESSION['userName']
    );
echo "gameInfo = ".json_encode($info).";";

在您的社区页面上,您可以使用 JavaScript 来确定他们是否已登录:

<script src="http://gamesite.com/jsGameStatus.php"></script>
<script>
alert(gameInfo.isLoggedIn 
    ? 'Logged In as '+gameInfo.loggedInAs 
    : 'Not logged in');
</script>

同样,不是超级安全(有人可能会捏造这些值)。如果您想要更安全的东西,您将需要能够以某种方式将双方联系在一起 - 您的社区用户帐户将必须知道他们的游戏帐户 ID 是什么,然后您可以使用一个简单的从社区站点远程调用以了解游戏用户是否已登录。

于 2012-07-14T18:56:31.620 回答