问题
How do I pass PHP session data from one Apache virtual host to another? I am currently running Apache 2.2.17 and PHP 5.3.3 and I've set up one host to manage a single sign-on application and I need to pass this to two other virtual hosts that are running separate applications. This is something I intend to develop further, but for now passing session data would be the easiest.
Currently this code creates the first session in the SSO subdomain auth.domain.com and then passes the user back to the application interface app.domain.com (has been trimmed):
$user = new User;
$user->set_user_session();
Header("Location: $redirectURL");
exit;
The server is entirely managed privately so multi-user security isn't a worry. However, if anyone sees any security issues beyond that please let me know. If you know of a better methodology please share and I will research it further. I appreciate the help.
回答1:
As far as I'm aware, PHP sessions are not (by default) virtual-host aware: you would need to pass the session ID as part of the redirect and then set it in the other virtual host. So something like:
$sessionid = session_id();
Header("Location: $redirectURL?session=$sessionid");
exit;
And then in the target of the redirect:
session_id($_GET['session']);
session_start();
Try that and let me know how it works.
回答2:
Shared Sessions If you are talking about subdomains (not specified) you may be able to set the cookie domain to just the domain so that the session ID is passed as a cookie between them
session_set_cookie_params(0, '', '.domain.com');
so, my.domain.com and your.domain.com both would get the cookie for .domain.com
With either option in place you could use a shared database or redis storage for shared session management. (share data between servers via Session storage)
As long the session storage configs are the same for all VMS.
- Same Server
- VMs on the same physical machine
- session storage in files or memory will be shared via session IDs
- MySQL Examples
- https://github.com/sprain/PHP-MySQL-Session-Handler
- https://github.com/dominicklee/PHP-MySQL-Sessions
- Redis Examples
- https://github.com/1ma/RedisSessionHandler
- https://github.com/dostoevskylabs/slimphp-session-redis-middleware
来源:https://stackoverflow.com/questions/5972485/transfer-session-data-between-apache-virtual-hosts