我有一个主域:main.com
、子域:test1.main.com
和test2.main.com
其他域one.com
,two.com
.
现在它是这样完成的:
ini_set("session.cookie_domain", ".main.com");
$domain = 'main.com';
登录.php
$user = $db->query("SELECT id, login FROM users WHERE email=? AND password=?",
array($email, $password), "rowassoc");
if($user)
{
$_SESSION['user_id'] = $user['id'];
$_SESSION['user_name'] = $user['login'];
$time = 100000;
setcookie('email', $email, time() + $time, "/", "." . $domain);
setcookie('password', $password, time() + $time, "/", "." . $domain);
header('Location: http://' . $user['login'] . "." . $domain);
exit;
}
在每个页面上添加:
if(!isset($_SESSION['user_id']))
{
if(isset($_COOKIE['email']) && isset($_COOKIE['password']))
{
$email = $_COOKIE['email'];
$password = $_COOKIE['password'];
$user = $db->query("SELECT id, login FROM users WHERE email=? AND password=?",
array($email, $password), "rowassoc");
if($user)
{
$_SESSION['user_id'] = $user['id'];
$_SESSION['user_name'] = $user['login'];
}
}
}
else
{
$user = $db->query("SELECT id, login FROM users WHERE id=?",
array($_SESSION['user_id']), "rowassoc");
if(!$user)
{
setcookie('email', '', time() , "/", "." . $domain);
setcookie('password', '', time() , "/", "." . $domain);
unset($_SESSION['user_id']);
session_destroy();
setcookie("PHPSESSID","",time(), "/", "." . $domain);
}
else
{
$_SESSION['user_id'] = $user['id'];
$_SESSION['user_name'] = $user['login'];
}
}
注销.php
if(isset($_SESSION['user_id']))
{
setcookie('email', '', time() , "/", "." . $domain);
setcookie('password', '', time() , "/", "." . $domain);
unset($_SESSION['user_id']);
unset($_SESSION['user_name']);
session_destroy();
setcookie("PHPSESSID","",time(), "/", "." . $domain);
header('Location: /main');
exit;
}
但它仅适用于域main.com
及其子域test1.main.com
,test2.main.com
.
我需要以某种方式保存会话和其他域one.com
,two.com
.
如何最好地进行安全身份验证,如果有解决方案,我真的很困惑,请举例说明。