Cross-domain session sharing (sharing a session across an HTTP-to-HTTPS redirect)

I searched a lot online and finally figured this out. It may not be the best approach, but it is a genuinely practical one.

 

The most important step is setting the session ID into the local cookie, using the following calls:

 

$currentSessionID = session_id();
 

 

session_id($currentSessionID);

 

 

A simple example:

 

Script 1 (HTTP):

 

<?php

// This script will create a session and display a link to your secure server address
// to transfer your session ID. In this example, the secure page to receive the session
// ID is located at https://www.yoursite.com/safePages/securePage.php

// Start a session using the current session ID stored in a cookie, or create
// a new session if none is set.

session_start();

$currentSessionID = session_id();

// Set a variable that will be retrieved with the HTTPS script.
$_SESSION['testvariable'] = 'It worked';

// $secureServerDomain is the domain of your secure server
$secureServerDomain = 'www.yoursite.com';

// $securePagePath is the path to the page that will receive and set the session ID.
$securePagePath = '/safePages/securePage.php';

// Build the link; the session ID travels in the "session" query parameter.
echo '<a href="https://' . $secureServerDomain . $securePagePath . '?session=' . $currentSessionID . '">Click here to transfer your session to the secure server</a>';

?>
 

Script 2 (HTTPS):

 

<?php

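// Retrieve the session ID as passed via the GET method (empty if missing).
$currentSessionID = $_GET['session'] ?? '';

// Reject values that contain characters a PHP session ID cannot have.
if (!preg_match('/^[A-Za-z0-9,-]+$/', $currentSessionID)) {
      exit('Invalid session ID.');
}

// Use the received ID for this session; session_start() then sends it as a cookie.
session_id($currentSessionID);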

// Start a session.
session_start();

// Test retrieval of variable set when using HTTP.
if (!empty($_SESSION['testvariable'])) {
      echo $_SESSION['testvariable'];
} else {
      echo 'It did not work.';
}

?>
 

 

Note, however:

http://www.mysite.com/page.php   redirects to https://www.mysite.com/page.php

or

http://mysite.com redirects to https://mysite.com/page.php.

 

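On security:

 

This is about as secure as traditional login verification, which is to say neither is very secure. The sid is transmitted unencrypted, so someone else can obtain the session ID by eavesdropping or sniffing, and with it your session data. A later improvement to consider is encrypting the session ID before transmitting it.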
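
The closing suggestion above, encrypting the session ID before it is passed in the link, could look like the following added example, which is not code from the original post. HANDOFF_KEY, HANDOFF_TTL, make_handoff_token() and open_handoff_token() are hypothetical names, the key and session ID are constructed sample values, and AES-256-GCM with a 30-second expiry is this example's choice (PHP 7.1+ with the OpenSSL extension assumed).

```php
<?php
// Added example, not from the original post. HANDOFF_KEY, HANDOFF_TTL and the
// function names are hypothetical; load a real random 32-byte key from config.
const HANDOFF_KEY = 'constructed-demo-key-32-bytes!!!'; // constructed sample key
const HANDOFF_TTL = 30;                                  // token lifetime in seconds

// HTTP side: seal "expiry|session id" with AES-256-GCM (encrypts and authenticates).
function make_handoff_token(string $sessionId, int $now): string
{
    $iv = random_bytes(12);
    $ct = openssl_encrypt(($now + HANDOFF_TTL) . '|' . $sessionId, 'aes-256-gcm',
        HANDOFF_KEY, OPENSSL_RAW_DATA, $iv, $tag);
    return bin2hex($iv . $tag . $ct);   // 12-byte IV, 16-byte tag, ciphertext
}

// HTTPS side: returns the session ID, or null if malformed, forged or expired.
function open_handoff_token(string $token, int $now): ?string
{
    if (!ctype_xdigit($token) || strlen($token) % 2 !== 0 || strlen($token) < 58) {
        return null;
    }
    $raw = hex2bin($token);
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', HANDOFF_KEY,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false || strpos($plain, '|') === false) {
        return null;
    }
    [$expiry, $sid] = explode('|', $plain, 2);
    if ((int) $expiry < $now || !preg_match('/^[A-Za-z0-9,-]{22,256}$/', $sid)) {
        return null;
    }
    return $sid;
}

// Round trip with a constructed session ID, then tamper and expiry checks.
$sid   = 'q2k7v9m4c1x8z5b3n6j0h2g4d7'; // constructed sample value
$token = make_handoff_token($sid, 1700000000);
var_dump(open_handoff_token($token, 1700000010) === $sid);   // within the TTL
$flip  = $token;
$flip[60] = $flip[60] === '0' ? '1' : '0';                   // flip a ciphertext nibble
var_dump(open_handoff_token($flip, 1700000010) === null);    // GCM tag check fails
var_dump(open_handoff_token($token, 1700000031) === null);   // past the expiry

// In Script 2 the accepted ID would be adopted and then immediately replaced:
//   session_id($sid); session_start(); session_regenerate_id(true);
```

Script 1 would put the token in the link in place of the raw ID, and Script 2 would pass the result of open_handoff_token() to session_id(). A captured token can still be replayed until it expires, which is why the ID is regenerated as soon as it has been accepted.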

 

 

Another approach is to store sessions in a database:

 

See the attachment.

 

 

<?php

// session.class.php is the session class from the attachment.
require_once "session.class.php";
$oSession = new Session();
print_r($_SESSION); // First
$_SESSION['hi'] = "lisha"; // Comment this out once the session is set
$_SESSION['test'] = "gideon"; // Comment this out once the session is set

echo '===========';
// Now use PHP sessions as usual
print_r($_SESSION); // Second
 

 

Note that this requires the session_set_save_handler function, which must be used together with ini_set('session.save_handler', 'user');

 

 

 

 
