Different Broker is how to get the same session_id? #90
Comments
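Sites under the same root domain can share one cookie, as long as you set the cookie domain to the root domain... Sites with different root domains can't do this; they need to authorize once more.
Right, that's exactly it. One user gets a different sid generated on each client. For example, if user 1 logs in to site a, site b and site c, three session_ids are generated. How are they recognized as the same person? And won't this create too many sessions?
If sites under the same root domain don't set the cookie domain to the root domain, each of them has to redirect to the authorization service for its first authorization. But if the domain is set, then once any one site under that root domain has been authorized, they can all share that cookie; the next time there's no need to authorize again, and they can request the user info directly.
You can take a look at the example I made: https://github.com/phpyii/tp5-sso
@phpyii Doesn't yours just use this library? I know how to use it... I just haven't fully understood the principle behind it.
Got it... After logging in, when the user visits a different domain, the user (browser) carries the Broker's token to the authentication server where they are already logged in, and it gets bound to the already logged-in session.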
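The flow described in the comment above, as an added example that is not part of the original thread or the project's own code: a toy Python model in which each broker keeps its own token, while the browser's cookie on the auth server ties all of them to one server session. The class and function names, the HMAC checksum format and the sample secrets are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def sign(secret, command, broker, token):
    # Checksum showing the request comes from a broker that knows the shared secret
    msg = f"{command}:{broker}:{token}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class SSOServer:
    def __init__(self, broker_secrets):
        self.broker_secrets = broker_secrets  # broker id -> shared secret
        self.sessions = {}                    # server session id -> logged-in user
        self.links = {}                       # (broker id, token) -> server session id

    def _verify(self, command, broker, token, checksum):
        expected = sign(self.broker_secrets[broker], command, broker, token)
        if not hmac.compare_digest(expected, checksum):
            raise PermissionError("invalid checksum")

    def attach(self, server_cookie, broker, token, checksum):
        # Front channel: the browser is redirected here, so it sends the server's own cookie
        self._verify("attach", broker, token, checksum)
        if server_cookie not in self.sessions:       # first visit: start a server session
            server_cookie = secrets.token_hex(16)
            self.sessions[server_cookie] = None
        self.links[(broker, token)] = server_cookie  # bind this broker's token to it
        return server_cookie

    def login(self, broker, token, checksum, user):  # back channel; credential check omitted
        self._verify("session", broker, token, checksum)
        self.sessions[self.links[(broker, token)]] = user

    def user_info(self, broker, token, checksum):
        # Back channel: broker asks who owns the session its token is linked to
        self._verify("session", broker, token, checksum)
        return self.sessions.get(self.links.get((broker, token)))

def demo():
    keys = {"site-a": b"secret-a", "site-b": b"secret-b"}  # constructed sample secrets
    server = SSOServer(keys)
    tok_a, tok_b = secrets.token_hex(16), secrets.token_hex(16)  # one cookie per broker domain
    # Browser visits site A, is redirected to the server, and receives a server cookie
    cookie = server.attach(None, "site-a", tok_a, sign(keys["site-a"], "attach", "site-a", tok_a))
    server.login("site-a", tok_a, sign(keys["site-a"], "session", "site-a", tok_a), "user1")
    # Same browser visits site B: different broker token, same server cookie
    cookie_b = server.attach(cookie, "site-b", tok_b, sign(keys["site-b"], "attach", "site-b", tok_b))
    user_b = server.user_info("site-b", tok_b, sign(keys["site-b"], "session", "site-b", tok_b))
    return tok_a != tok_b, cookie == cookie_b, user_b
```

`demo()` returns `(True, True, "user1")`: the two brokers hold different tokens, yet both resolve to the same server session and therefore the same user.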
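The folks on GitHub are really funny: when I ask in Chinese, you reply in English, and when I ask in English, you answer in Chinese.
@carlclone It's just as you said. I've just always felt this approach isn't very reliable; it seems it would put a lot of load on the SSO node.
Every web page request requires the backend to call the SSO server once, which puts too much load on the SSO server. If an SSO login instead logs the user directly into the subsystem and later requests no longer check the login state, then the login states get out of sync.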
English! please. Please respect us! |
I read the code several times, but did not understand how different Brokers get the same session_id. I would very much appreciate it if someone could explain the logic and flow of this program.