I have a question. It might be sound ridiculous, but let me explain what I want to accomplish. Right now I try to embed open source forum to by site and I want to leave forum and my s开发者_运维问答ite databases split. When my site users are logging in I want them also automatically be logged in to the forum system. For that I want to login within my PHP code after receiving username and password in post, but I don't know how I can get only cookies in response. I have found out that I can use curl_init(), curl_exec(), curl_close() functionality, but response from curl_exec returns whole response(page content, cookies, headers). Is there a way to receive only cookies?
P.S. - If my design is totally wrong please give an advise how I can embed this functionality! I would be very thankful!
Yes, you can make a HEAD request. In that case, the server will send only the headers (this includes other things besides the cookie, but you'll have to live with that).
For curl, use the curl option CURLOPT_NOBODY
:
$ch = curl_init();
curl_setopt($ch, CURLOPT_NOBODY, TRUE);
I suppose you then "forward" the cookies to the client -- the way I see it, your approach may or may not work, depending on several factors. You should see single sign-on implementations such as CAS and OpenID.
Most authentication response is redirect so there is no body anyway. In case someone use Javascript to redirect, the body is very small, just ignore it.
HEAD will not work in most cases. Almost all authentication servers require POST for security reasons.
精彩评论