使用会话进行基于角色的身份验证

时间:2018-09-20 07:53:38

标签: php api session roles

我正在玩各种会话来验证用户身份和运行功能。 我正在两台服务器之间使用会话。我在下面描述了我正在做的过程。

1)使用Schema::create('category_image', function (Blueprint $table) { $table->increments('id'); $table->integer('image_id'); $table->integer('category_id'); }); Schema::create('category_image', function (Blueprint $table) { $table->increments('id'); $table->integer('image_id'); $table->integer('category_id'); }); Schema::create('categories', function (Blueprint $table) { $table->increments('id'); $table->string('name'); }); ,将用户名和密码传递到主Server 1

Server 2

2)我在public function get_session_auth($username,$password){ $resultArray = array( 'result' => 'succeeded', 'resultText' => null ); $request = new HTTP_Request2($this->baseUrl. 'index.php/login/get_session_id_via_login?username='.$username.'&password='.$password, HTTP_Request2::METHOD_GET); if (ENVIRONMENT === 'development') { $request->setConfig(array('ssl_verify_peer' => false)); } //$request->setAdapter('curl'); try { $response = $request->send(); if (200 == $response->getStatus()) { $resultArray = json_decode($response->getBody(), true); } else { $resultArray['result'] = 'failed'; $resultArray['resultText'] = 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); // Here we should write data to log file. $this->getLogger()->error($resultArray['resultText']); } } catch (HTTP_Request2_Exception $e) { $resultArray['result'] = 'failed'; $resultArray['resultText'] = 'Error: ' . $e->getMessage(); // Here we should write data to log file. $this->getLogger()->error($resultArray['resultText']); } $resultArray['operation_name'] = 'get_session_auth'; return $resultArray; } 中使用usernamepassword登录用户,然后开始会话并在Sever 2中存储诸如( id, user_id, role = (Admin, Batch) )之类的信息。 3)我得到$_SESSION并将其传递回session_id

Sever 2

4)现在,我使用$session_id = session_id(); return $session_id; 中的Server 2GET中调用某些函数,并且还将Server 1作为变量传递给url

session_id

5)我从public function dosomething($session_id) { $resultArray = array( 'result' => 'succeeded', 'resultText' => null ); $request = new HTTP_Request2($this->baseUrl. 'index.php/payment/dosomething/true?session_id='.$session_id, HTTP_Request2::METHOD_GET); if (ENVIRONMENT === 'development') { $request->setConfig(array('ssl_verify_peer' => false)); } //$request->setAdapter('curl'); try { $response = $request->send(); if (200 == $response->getStatus()) { $resultArray = json_decode($response->getBody(), true); } else { $resultArray['result'] = 'failed'; $resultArray['resultText'] = 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); // Here we should write data to log file. $this->getLogger()->error($resultArray['resultText']); } } catch (HTTP_Request2_Exception $e) { $resultArray['result'] = 'failed'; $resultArray['resultText'] = 'Error: ' . $e->getMessage(); // Here we should write data to log file. $this->getLogger()->error($resultArray['resultText']); } $resultArray['operation_name'] = 'dosomething'; return $resultArray; } 中的URL获取session_id,然后尝试使用

Server 2

6)问题是,我期望session_id( 'session_id' ); session_start(); 变量将具有先前存储的$_SESSION,但$ _SESSION`变量为空,即使session_id与我存储的相同这些信息之前。

那么我该如何检索存储在第一个(id, user_id, role=(Admin,Batch)中的信息?

0 个答案:

没有答案