laravel共享session, 实现单点登陆

时间 2019-11-09

原文原文链接

laravel开发效率高很适合作web开发，但是session本身进行了加密，须要实现不一样应用单点登陆就比较麻烦了，用nodejs实现了session的解密算法(只针对laravel5.1).javascript

理论上其余服务只须要经过读cookie里存的session就能够本身解密来实现本身的登陆检测.php

import * as crypto from 'crypto'
import * as serialization from "php-serialization"

let laravelSession = 'eyJpdiI6IjJvMzJSVnNyb3l1eEZvQ3NSUlBcLzZ3PT0iLCJ2YWx1ZSI6IjkxeVJjaXFSY2tlNUxwV0djcitnaUFNVnJzYUhHcXVndUwxOEZQeFE2Z3FHbDIyUndPRzFQMWZBS1E3TUFTeEdKUGx5aCtIY3d6WVlcL1p1dU5nQmd1QT09IiwibWFjIjoiNjI2ZDUzN2MxZmZiMzZkNGI3NTkxNTM3NGZmOTU3MTRjZjQ1NmM5OTJhOTVlNzBmNzc2ZDk1YThkMzVlODVmNiJ9'

let data = JSON.parse(new Buffer(laravelSession, 'base64').toString())

// let data = {
//     "iv": 'PEGE6zj6C\/VdOmnwVXSFaw==',
//     "value": "fpKlXI2Sa1fq8mDIgwvBr1g235LvExcde8IZ0JY9Jw5DN3IArBQ\/2ghmU21yjReOLC84DBpkaIwcghwAorVPYg==",
//     "mac": "366d20bf35f7a4123f97659b3be8b1083eb15ffd29567b9699c220a5a6a00e95"
// }

const APP_KEY = 'laravel的APP_KEY'
let ivBase64 = new Buffer(data.iv, 'base64')  // base64 iv
let decipher = crypto.createDecipheriv('aes-256-cbc', APP_KEY, ivBase64)
let sessionId = decipher.update(data.value, 'base64', 'utf8')
console.log('session_id: ' + serialization.unserialize(sessionId))

解密获得的session_id就是laravel实际的session_id.java