Shared session between two websites

Updated: 2024-10-23 18:35:11

Problem description

Hi, thanks in advance... I am working on a project, and I need some clarification on how to share data between two sites in a highly secure manner. Currently I am using Form Post to share data. But I am wondering if there is an option to get site-1 session data from site-2, because I think using a session is more secure. I don't know how to use sessions between two sites, but I hope someone here will know.

Like: Site 1 code

<?php
session_start(); // $_SESSION is only populated after the session is started
$_SESSION['customer_id'] = 'XYZ';
$_SESSION['total_amount'] = '100';
?>
<a href="site2/do.php?session_id=<?=$_SESSION['session_id']?>">Click Here</a>

Site 2 code in do.php

$session_id = $_REQUEST['session_id'];
$shared_data = bla_bla_bla_function($session_id);
$customer_id = $shared_data['customer_id'];
$total_amount = $shared_data['total_amount'];

Or is there any way to do secure data sharing between two websites other than form post? Please tell me. Thank you. Yours, Kaartikeyan R

Found solution

I have sent the Customer ID and Amount via CURL to the second website, which creates a record in a table for this, generates an encrypted ID with the record ID, and returns the encrypted ID.

So in the first website I get the encrypted ID, and use it in the URL redirection to the second website.

On the second website, with the encrypted ID, I get the Customer ID and Amount.

Recommended answer

Urk. First off, never do:

$session_id = $_REQUEST['session_id'];

This causes a security truck-hole we refer to as 'session fixation' (read more: en.wikipedia.org/wiki/Session_fixation).

It seems you're pretty heavy on security. If you need to share data from site 1 to site 2, you should do it through a single consumption bridge:

1). Click on a link on Site 1 to a handler file, let's call it redir.php.

2). Redir.php first checks the existing session data.

3). Redir.php writes relevant info into a DB row, along with some sort of identifier (say, an MD5 hash of the user ID + '_'+ current time), plus a 'consumed' flag, set false.

4). Redir.php does a 301 redirect to Site 2, along with the identifier.

5). Site 2 reads the relevant row out of the DB.

6). If the data is good and has not yet been 'consumed', return a success and mark the data as consumed.

7). If the data has been consumed, throw some sort of error.

There are more complex ways of doing this, but I think this handles what you're trying to do.
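
The single-consumption bridge from steps 1 to 7, as an added example that is not part of the original answer or the asker's code. Assumptions: both sites reach the same database (an in-memory SQLite database stands in for it here), the table name handoff and the function names are hypothetical, a random token replaces the MD5(user ID + time) identifier because that value is predictable, and a 60-second expiry is added.

```php
<?php
// Added example: single-use handoff token shared through one database.
// Table and function names are hypothetical; in-memory SQLite stands in
// for the database that both sites can reach.
declare(strict_types=1);

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE handoff (
        token_hash TEXT PRIMARY KEY, payload TEXT NOT NULL,
        expires_at INTEGER NOT NULL, consumed INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

// Site 1 (redir.php): keep the data server-side, hand out only a random token.
function issue_token(PDO $db, array $data, int $ttl = 60): string {
    $token = bin2hex(random_bytes(32));   // CSPRNG output, not derived from user data
    $stmt = $db->prepare('INSERT INTO handoff (token_hash, payload, expires_at)
                          VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), json_encode($data), time() + $ttl]);
    return $token;                        // the only value placed in the redirect URL
}

// Site 2 (do.php): the UPDATE claims the row atomically, so a replayed or
// concurrent request carrying the same token matches zero rows.
function consume_token(PDO $db, string $token): ?array {
    $hash = hash('sha256', $token);
    $claim = $db->prepare('UPDATE handoff SET consumed = 1
                           WHERE token_hash = ? AND consumed = 0 AND expires_at >= ?');
    $claim->execute([$hash, time()]);
    if ($claim->rowCount() !== 1) {
        return null;                      // unknown, expired or already consumed
    }
    $read = $db->prepare('SELECT payload FROM handoff WHERE token_hash = ?');
    $read->execute([$hash]);
    return json_decode($read->fetchColumn(), true);
}

$db = open_db();
$token = issue_token($db, ['customer_id' => 'XYZ', 'total_amount' => '100']);
var_dump(consume_token($db, $token));     // first presentation of the token
var_dump(consume_token($db, $token));     // replay of the same token
var_dump(consume_token($db, 'forged'));   // token that was never issued
```

Only the SHA-256 of the token is stored, so a read of the table does not yield usable tokens, and the customer ID and amount never appear in the URL.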

Published: 2023-11-25 22:39:19
Article link: https://www.elefans.com/category/jswz/34/1631634.html