Exchange Servlet Session with PHP

I want to use Java EE Application Server (GlassFish 3) as a single sign-on service for Java and PHP applications. If a user receives GlassFish authentication, they must also be registered with PHP applications.

Is there a better way to share a servlet session (more precisely: authentication status) with PHP?

+4
3 answers

Take a look at PHP/Java Integration. You can integrate PHP into a servlet environment or a PHP call to Java. Now I am not 100% sure that this will specifically solve your problem, and integration is considered experimental.

What you're probably better off doing is use something else to exchange session data. Something like memcache. Both Java and PHP are free to talk to memcache. It will be a much more reliable solution.

+1

I have no experience connecting PHP and a Java application server, but with integration in general:

A common way to make one character is to read the session identifier (for example, a cookie set by the Java server) in a PHP script that passes it to the application server in the country (for example, through the command line, by creating an HTTP call or an instance of the shared cache) and receiving authentication status.

If this is not possible, for example because the services work in different domains, you must pass the session ID of the application server to the PHP application on the first call. The PHP application will then create its own session and store the session identifier from the application server in it. Internal application server session verification will work as described above.

If you need to exchange more than just the "logged in / not logged in" flag, you can also learn to replace PHP session processing with session_set_save_handler(). Your user session function, instead of storing the session data in a file, receives its data from your application server, which can pre-populate the session data with such things as authentication status, username, etc. It would also provide some freedom of communication between applications.

Of course, first make sure that the built-in Java / PHP integration features mentioned by cletus no longer do the trick.

+1

I don’t know about best practice ... but usually, if it works and is not ridiculously expensive and does not jeopardize safety, this may be an acceptable practice.

When a user visits a php page without a php session, that php page is redirected to a specific jsp page. The jsp page will show if the user has an active session. If the jsp page does not allow the user to log in. The jsp page will be redirected to a specific php page, passing it things like authentication tokens, etc., as well as the URL of the original page. The php page creates a php session and redirects to the requested source page. These pages can be in different domains and work on different servers. It can also be replicated and implemented on different servers running java or php or something else.

acc.intt/page.php → sso.intt/cosession.jsp → acc.intt/cosession.php → acc.intt/page.php

+1
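The redirect flow in the answer above hands an authentication token and the original URL to cosession.php. As an added example (not code from any of the answers), this shows a check that page could run before creating the PHP session, assuming an HMAC-signed token; the token layout, claim names, shared secret and host allowlist are all hypothetical.

```php
<?php
declare(strict_types=1);
// Added example. Token layout, claim names, secret and allowlist are assumptions.
const SHARED_SECRET = 'constructed-demo-secret-change-me'; // known to the JSP and PHP sides
const ALLOWED_RETURN_HOSTS = ['acc.intt'];                  // only redirect back to these
const MAX_LIFETIME = 60;                                    // seconds a token may live

function b64url_encode(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}
function b64url_decode(string $s) {
    $s = strtr($s, '-_', '+/');
    return base64_decode($s . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}
// What the issuing side (cosession.jsp in the answer) would produce, shown in PHP.
function issue_handoff(string $user, string $returnUrl, int $now): string {
    $body = b64url_encode(json_encode([
        'user' => $user, 'return' => $returnUrl,
        'exp' => $now + 30, 'nonce' => bin2hex(random_bytes(16)),
    ]));
    return $body . '.' . b64url_encode(hash_hmac('sha256', $body, SHARED_SECRET, true));
}
// Returns the claims, or null if the token must not create a PHP session.
function verify_handoff(string $token, int $now, array &$usedNonces): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    $sig = b64url_decode($parts[1]);
    $mac = hash_hmac('sha256', $parts[0], SHARED_SECRET, true);
    if (!is_string($sig) || !hash_equals($mac, $sig)) return null;        // forged or altered
    $c = json_decode((string) b64url_decode($parts[0]), true);
    if (!is_array($c) || !is_string($c['user'] ?? null) || !is_int($c['exp'] ?? null)
        || !is_string($c['nonce'] ?? null) || !is_string($c['return'] ?? null)) return null;
    if ($c['exp'] < $now || $c['exp'] > $now + MAX_LIFETIME) return null; // expired or too long-lived
    if (isset($usedNonces[$c['nonce']])) return null;                      // replayed
    $u = parse_url($c['return']);
    if (!is_array($u) || ($u['scheme'] ?? '') !== 'https'
        || !in_array($u['host'] ?? '', ALLOWED_RETURN_HOSTS, true)) return null; // open redirect
    $usedNonces[$c['nonce']] = $c['exp']; // in production: a store shared by all PHP nodes
    return $c;
}
// Constructed demo run: each line prints whether the token was accepted.
$used = [];
$now = time();
$good = issue_handoff('alice', 'https://acc.intt/page.php', $now);
var_dump(verify_handoff($good, $now, $used) !== null);            // fresh token
var_dump(verify_handoff($good, $now, $used) !== null);            // same token presented again
var_dump(verify_handoff(issue_handoff('alice', 'https://evil.example/', $now), $now, $used) !== null);
var_dump(verify_handoff(substr($good, 1), $now, $used) !== null); // body altered after signing
// On success the real page would call session_start(), session_regenerate_id(true),
// store $c['user'] in $_SESSION and redirect to $c['return'].
```

The used-nonce list has to live somewhere every PHP node can reach, for which a shared cache such as the memcache suggested in the first answer would serve.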

Source: https://habr.com/ru/post/1300503/