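There are 2 domains on one server. If a user logs in to one domain, he must also be logged in to the other. How do I do cross-domain authorization in PHP on one server? I solved it for subdomains, but I cannot solve it for different second-level domains.
2 Answers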
The main problem is that the cookie isn't sent by the browser if you're on another domain.
You can't make the browser write a cookie for another domain, either.
What can be done is to send a unique token to the other domain and, when it is validated, write a cookie on the second domain. That can be done when authenticated, using an iframe or a double redirect (iframe cookies are blocked by some browsers, like Safari). The unique token will have to be validated by the second domain, and then invalidated (removed) so it can't be used again by another user (man-in-the-middle attack).
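The one-time token handoff described in the answer above, as an added example (not code from either answer). `TokenStore`, the hostnames and the `sso.php` path are hypothetical; the in-memory array stands in for storage that both sites can reach on the shared server.

```php
<?php
// Added illustration: single-use login token passed from domain A to domain B.
// TokenStore is a hypothetical in-memory stand-in for a shared database table or cache.
final class TokenStore
{
    private array $rows = [];   // sha256(token) => ['user' => ..., 'aud' => ..., 'exp' => ...]

    // Domain A calls this after the user has authenticated there.
    public function issue(string $userId, string $audience, int $ttl = 30): string
    {
        $token = bin2hex(random_bytes(32));           // 256-bit unguessable value
        $this->rows[hash('sha256', $token)] = [       // keep only a hash of the token
            'user' => $userId,
            'aud'  => $audience,                      // the site allowed to redeem it
            'exp'  => time() + $ttl,                  // short lifetime, in seconds
        ];
        return $token;
    }

    // Domain B calls this when the browser arrives with ?token=...
    // Returns the user id, or null if unknown, expired, reused or meant for another site.
    public function redeem(string $token, string $audience): ?string
    {
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        unset($this->rows[$key]);                     // invalidate on first presentation
        if ($row === null || $row['exp'] < time() || !hash_equals($row['aud'], $audience)) {
            return null;
        }
        return $row['user'];
    }
}

// Constructed demo values (example hostnames, not from the page).
$store = new TokenStore();
$token = $store->issue('user-42', 'site-b.example');

// Domain A would now redirect the browser to
//   https://site-b.example/sso.php?token=<token>
// and domain B, on a non-null result, would start its own session and set its own cookie.
var_dump($store->redeem($token, 'site-b.example'));   // first presentation
var_dump($store->redeem($token, 'site-b.example'));   // same token presented again
$other = $store->issue('user-42', 'site-a.example');
var_dump($store->redeem($other, 'site-b.example'));   // token issued for a different site
```

With a real shared store, the lookup and the delete in `redeem()` have to be a single atomic operation so that two simultaneous requests cannot both redeem the same token.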
You have to look into CAS and implement it according to the framework you use. For example, in my Zend application, I would use Zend_OpenId and Zend_Oauth.