Shulou(Shulou.com)06/02 Report--

This article is about how to use PHP for SSO login. Xiaobian thinks it is quite practical, so share it with everyone for reference. Let's follow Xiaobian and have a look.

PHP implementation SSO login method: 1. The user enters the login page to generate a custom SID, write redis and cookies;2. In the BaseController constructor of the service, write an operation to update redis;3. js constructs a jump event, and then the server checks the user's stored redis according to SID.

Operating environment: Windows 7 system, PHP 7.1 version, Dell G3 computer.

SSO Single Sign-on Design and PHP Implementation

It is recommended that you familiarize yourself with Single Sign-On SSO concepts.

1. SSO: Single sign-on, one-time login, all related systems can be accessed without repeated login

2. Implementation scheme: share S [ID]+[cross-domain SID] in [top-level domain] cookie

3. Abandon PHP session and store user information in redis

4. Every time a user operates legally, write an operation to update redis in the BaseController constructor of the service, and update redis to store the expiration time of the user login state--the purpose simulates the expiration of the session.

5. Specific SSO implementation of single sign-on:(PHPsessionId is abandoned)--Authentication user login api, unified in sso server, other login pages call this interface.

1) SSO single sign-on authentication: the user enters the login page to generate a custom SID, write redis and cookies; submit the account password, adjust the SSO authentication api to pass, SSO needs to bind the SID in the user and cookies,(LoginAction/ssologin/321 line: api::get inside)

token generated by local server (2 are custom fields and rules) is stored in redis, and the validity period is recommended to be 30 minutes.

2) Write an update redis operation in the BaseController constructor of the service. If there is a service, update the corresponding SID and token validity period (i.e. no operation for 30 minutes, the login status expires). --The purpose is to simulate the session expiration.

3) SID stored in cookie domain name must be top-level domain name such as [.example.com], cookie validity period is recommended for one month;

4) The user directly clicks on other sub-domain names from the domain name webpage just logged in. The link does not need to carry a plaintext SID or token, because the cookie will carry SID itself. The server will check whether the redis data corresponding to SID is valid according to the SID in the cookie.

6, cross-domain login, for example, I want to login is not under the domain name of [.example.com] such as: erji.mogo.com, but I use the same SSO authentication system, how to do?

It's still the domain name web page you just logged in. js constructs a jump event. The url of the jump?& SID=xxx is enough, you can use jQuery.cookie.js to get SID from cookie, and then the server also checks whether the user's stored redis data expires according to SID.

Thank you for reading! About "php how to achieve SSO login" This article is shared here, I hope the above content can have some help for everyone, so that everyone can learn more knowledge, if you think the article is good, you can share it to let more people see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.