CN103491141B - Application server and request processing method - Google Patents

Info

  • Publication number: CN103491141B
  • Authority: CN (China)
  • Prior art keywords: log, message, unique mark, user, application server
  • Legal status: Active
  • Application number: CN201310397313.0A
  • Other languages: Chinese (zh)
  • Other versions: CN103491141A (en)
  • Inventors: 宫济昌, 焦剑, 刘道玉
  • Current Assignee: You Pu Information Technology Co., Ltd of UFSOFT
  • Original Assignee: You Pu Information Technology Co Ltd Of Ufsoft
  • Landscapes: Information Transfer Between Computers (AREA)
Abstract

The present invention provides an application server and a request processing method. The application server includes: a control unit, configured to assign a unique mark to a user after the user logs in to the application server through a client, store the unique mark in correspondence with the user's login information, clear the unique mark and the login information when the user logs out, and determine whether the unique mark or the login information exists in the application server; a communication unit, configured to return the unique mark or the login information to the client; an interception unit, configured to intercept the requests sent by the client and obtain the unique mark or the login information from each request; and a redirection unit, configured to redirect to the login interface when the control unit determines that the obtained unique mark or login information does not exist. By having the application server intercept the requests initiated by all clients, it is determined whether the identity of the user who initiated a request is legitimate, which prevents conflicts.

Description

Application server and request processing method
Technical field
The present invention relates to the field of computer technology, and in particular to an application server and a request processing method.
Background art
B/S (Browser/Server) products and B/S websites differ from C/S (Client/Server) products: a B/S system generally runs in the browser on the client machine. After user A logs in to the system, the login identity information is kept in the browser's cookie. Until that cookie expires or is cleared, whenever the system is opened again in the same browser, the application server detects user A's identity information in the browser's cookie and logs in directly with A's identity.
Meanwhile, current browsers all support multiple tabs; that is, several systems, or the same system, can be run by opening multiple tabs in the same browser instance.
The following problem can arise in this usage scenario:
User A first opens tab 1 and logs in to the system, then opens a new tab 2. The new tab 2 detects user A's cookie information and automatically logs in with user A's identity, so tab 1 and tab 2 both display user A's operation interface. A logout is then performed in tab 1, tab 1 returns to the login interface, and user B logs in there. After the login succeeds, tab 1 displays user B's operation interface, and the browser's cookie information is replaced with user B's authentication information. Tab 2 still displays user A's operation interface, but any data operation or request made in that tab carries user B's identity information; that is, every operation is actually performed as user B. This produces errors such as operation conflicts and data inconsistency. In other words, the operator sees user A's operation interface but is in fact working with user B's identity and data.
Such operation can lead to operation conflicts and data inconsistency, and may have serious consequences, particularly for applications such as ERP and financial systems.
Summary of the invention
In view of the above technical problem, the present invention proposes a new request processing technique that can solve the data errors and operation conflicts caused by logging in to a system with multiple users.
Accordingly, one aspect of the invention provides an application server, including: a control unit, configured to assign a unique mark to a user after the user logs in to the application server through a client, store the unique mark in correspondence with the user's login information, clear the unique mark and the login information when the user logs out, and determine whether the unique mark or the login information exists in the application server; a communication unit, configured to return the unique mark or the login information to the client; an interception unit, connected to the communication unit, configured to intercept the requests sent by the client and obtain the unique mark or the login information from each request; and a redirection unit, connected to the control unit, configured to redirect to the login interface when the control unit determines that the obtained unique mark or login information does not exist.
The user's login information and the corresponding unique mark are recorded in the application server, and the recorded unique mark and login information are cleared when the user logs out. When the client sends a request, the server checks whether the user's login information and/or unique mark can be found. If not, the earlier login has been logged out, so the request is redirected to the login interface and the user must log in again. This prevents the identity conflicts and operation conflicts that arise when, after user A is logged out in tab 1, tab 2 can still log in with user A's identity.
In the above technical solution, preferably, the control unit is further configured to store the unique mark in correspondence with the user's login information in a hash table; the application server further includes a prompt unit, configured to prompt the client that the login has been logged out when the control unit determines that the unique mark or the login information does not exist in the hash table.
When redirecting to the login interface, a friendly prompt can be shown: the default account has been logged out, please log in again.
In any of the above technical solutions, preferably, the interception unit is further configured to intercept the request by means of an HttpModule.
In any of the above technical solutions, preferably, the application server may further include a processing unit, configured to process the intercepted request when the control unit determines that the unique mark or the login information exists. If a record of the unique mark and the login information exists, the user account has not been logged out and the same person is still operating, so the client's request can be processed normally.
In any of the above technical solutions, preferably, the application server is a server based on a B/S architecture system.
By having the application server intercept the requests initiated by all clients, the present invention determines whether the identity of the initiator of the current request is still legitimate. If it is, the request is answered normally; otherwise, the client is notified in a friendly and intuitive way.
According to another aspect of the invention, a request processing method is also provided, including: after a user logs in to the application server through a client, assigning a unique mark to the user, storing the unique mark in correspondence with the user's login information, and returning the unique mark or the login information to the client; when the user logs out, clearing the unique mark and the login information; intercepting the requests sent by the client and obtaining the unique mark or the login information from each request; and determining whether the unique mark or the login information exists in the application server and, if it does not, redirecting to the login interface.
The user's login information and the corresponding unique mark are recorded in the application server, and the recorded unique mark and login information are cleared when the user logs out. When the client sends a request, the server checks whether the user's login information and/or unique mark can be found. If not, the earlier login has been logged out, so the request is redirected to the login interface and the user must log in again. This prevents the identity conflicts and operation conflicts that arise when, after user A is logged out in tab 1, tab 2 can still log in with user A's identity.
In the above technical solution, preferably, the step of storing the unique mark in correspondence with the user's login information further includes: storing the unique mark in correspondence with the user's login information in a hash table; and the step of determining whether the unique mark or the login information exists in the application server further includes: if the unique mark or the login information does not exist in the hash table, prompting the client that the login has been logged out. When redirecting to the login interface, a friendly prompt can be shown: the default account has been logged out, please log in again.
In any of the above technical solutions, preferably, the method may further include: intercepting the request by means of an HttpModule.
In any of the above technical solutions, preferably, the method may further include: if the unique mark or the login information exists, processing the intercepted request. If a record of the unique mark and the login information exists, the user account has not been logged out and the same person is still operating, so the client's request can be processed normally.
In any of the above technical solutions, preferably, the application server is a server based on a B/S architecture system.
By having the application server intercept the requests initiated by all clients, the present invention determines whether the identity of the initiator of the current request is still legitimate. If it is, the request is answered normally; otherwise, the client is notified in a friendly and intuitive way.
Description of the drawings
Fig. 1 shows the block diagram of application server according to an embodiment of the invention;
Fig. 2 shows a flowchart of a request processing method according to an embodiment of the invention;
Fig. 3 shows a flowchart of a request processing method according to an embodiment of the invention.
Detailed description of the embodiments
To make the objects, features and advantages of the present invention easier to understand, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where no conflict arises, the embodiments of this application and the features in the embodiments can be combined with one another.
Many specific details are set out in the following description to facilitate a thorough understanding of the invention. However, the invention can also be implemented in ways other than those described here, so the scope of protection of the invention is not limited by the specific embodiments described below.
Fig. 1 shows the block diagram of application server according to an embodiment of the invention.
As shown in Fig. 1, the application server 100 according to an embodiment of the invention includes: a control unit 102, configured to assign a unique mark to a user after the user logs in to the application server 100 through a client, store the unique mark in correspondence with the user's login information, clear the unique mark and the login information when the user logs out, and determine whether the unique mark or the login information exists in the application server; a communication unit 104, configured to return the unique mark or the login information to the client; an interception unit 106, connected to the communication unit, configured to intercept the requests sent by the client and obtain the unique mark or the login information from each request; and a redirection unit 108, connected to the control unit 102, configured to redirect to the login interface when the control unit determines that the obtained unique mark or login information does not exist.
The user's login information and the corresponding unique mark are recorded in the application server, and the recorded unique mark and login information are cleared when the user logs out. When the client sends a request, the server checks whether the user's login information and/or unique mark can be found. If not, the earlier login has been logged out, so the request is redirected to the login interface and the user must log in again. This prevents the identity conflicts and operation conflicts that arise when, after user A is logged out in tab 1, tab 2 can still log in with user A's identity.
In the above technical solution, preferably, the control unit 102 is further configured to store the unique mark in correspondence with the user's login information in a hash table; the application server 100 further includes a prompt unit 110, configured to prompt the client that the login has been logged out when the control unit determines that the unique mark or the login information does not exist in the hash table.
When redirecting to the login interface, a friendly prompt can be shown: the default account has been logged out, please log in again.
In any of the above technical solutions, preferably, the interception unit is further configured to intercept the request by means of an HttpModule.
In any of the above technical solutions, preferably, the application server may further include a processing unit 112, configured to process the intercepted request when the control unit determines that the unique mark or the login information exists.
If a record of the unique mark and the login information exists, the user account has not been logged out and the same person is still operating, so the client's request can be processed normally.
In any of the above technical solutions, preferably, the application server 100 is a server based on a B/S architecture system.
To solve the conflict that arises when different users log in from different tabs of the same browser instance on the same client machine, the present invention maintains a Key-Value Pair on the server side and caches an identifier for each user. When the client initiates a request, it carries this identifier to the application server for matching. If it matches, the user's login state is normal and the request can be processed normally; otherwise, the current user has logged out, and the user should be prompted or redirected to the login interface. The specific process flow is shown in Fig. 2.
As shown in Fig. 2, in step 202, after the user logs in to the application server, the application server creates a Key-Value Pair for the user. After the user logs in, the user's login information (such as a token) can be stored in it as the Value, and a unique Key (i.e. the unique mark) is assigned to correspond to it; the unique mark and the user's login information can be stored in correspondence in a hash table.
Step 204: the parameter Key or Value can be appended to the URL of every request the client initiates.
Step 208: when the user logs out, the application server automatically removes from the Key-Value Pair the user information Value corresponding to the user's Key.
Step 206: the application server intercepts the requests initiated by all clients, by means such as an HttpModule, and obtains the Key or Value carried by each request.
Step 210: determine whether the Key and the corresponding user information Value exist in the Key-Value Pair. If they exist, go to step 212; otherwise, go to step 214.
Step 212: the user is in the normal post-login operating flow, so the user's request continues to be processed normally.
Step 214: if they do not exist, the user has already logged out; processing of the request is terminated and the request is redirected to the login interface (or the user is given a relevant prompt).
The request processing method according to the invention effectively resolves a potential risk that can arise in current B/S architecture applications. It ensures that, with the same browser instance on the same client machine, data errors and operation conflicts do not occur even if multiple tabs are opened and multiple user accounts are used to log in to the system. Moreover, when such a risk is detected in the user's operation, it can be avoided in a friendly way and the user is given a relevant prompt.
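The flow of steps 202 to 214, run through the two-tab scenario from the background section, as an added Python model (not code from the patent, and not an ASP.NET HttpModule). The class and function names, the `key` query parameter, the `/login` path and the random Key generation are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlsplit

LOGIN_URL = "/login"  # hypothetical login path, not named in the patent


@dataclass
class Response:
    status: int
    body: str = ""
    location: str = ""


class ApplicationServer:
    """Server-side Key -> Value table plus an interceptor for every request."""

    def __init__(self):
        # The Key-Value Pair store (hash table): unique mark -> login information.
        self._sessions = {}

    def login(self, user, token):
        # Step 202: store the login information as Value under a new unique Key.
        # Assumption: the Key is an unguessable random string; the patent only
        # requires that it be unique.
        key = secrets.token_urlsafe(32)
        self._sessions[key] = {"user": user, "token": token}
        return key  # returned to the client, which embeds it in its requests

    def logout(self, key):
        # Step 208: remove the Value for this Key; repeating a logout is harmless.
        self._sessions.pop(key, None)

    def handle(self, url):
        # Step 206: intercept the request and read the Key it carries.
        parts = urlsplit(url)
        key = parse_qs(parts.query).get("key", [""])[0]
        # Step 210: does the Key (and its Value) still exist on the server?
        info = self._sessions.get(key)
        if info is None:
            # Step 214: stop processing and redirect to the login interface,
            # with a reason the login page can turn into a prompt.
            target = LOGIN_URL + "?" + urlencode({"reason": "logged_out"})
            return Response(302, location=target)
        # Step 212: normal processing, as the user bound to this Key.
        return Response(200, body=f"{parts.path} handled as {info['user']}")


def with_key(path, key):
    # Step 204: the client appends the Key to the URL of each request.
    return path + "?" + urlencode({"key": key})


def two_tab_scenario():
    """Constructed scenario: tab 1 switches from user A to user B, tab 2 goes stale."""
    server = ApplicationServer()
    key_a = server.login("A", "token-A")      # tab 1 logs in as A; tab 2 shows A too
    tab2_before = server.handle(with_key("/orders", key_a))
    server.logout(key_a)                      # tab 1 logs A out ...
    key_b = server.login("B", "token-B")      # ... and logs in as B
    tab1 = server.handle(with_key("/orders", key_b))
    # Tab 2 still renders A's interface and still sends A's Key.
    tab2_after = server.handle(with_key("/orders", key_a))
    return tab2_before, tab1, tab2_after


if __name__ == "__main__":
    for response in two_tab_scenario():
        print(response)
```
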
Fig. 3 shows the flow chart of request processing method according to an embodiment of the invention.
As shown in Fig. 3, the request processing method according to an embodiment of the invention may include the following steps. Step 302: after a user logs in to the application server through a client, assign a unique mark to the user, store the unique mark in correspondence with the user's login information, and return the unique mark or the login information to the client. Step 304: when the user logs out, clear the unique mark and the login information. Step 306: intercept the requests sent by the client and obtain the unique mark or the login information from each request. Step 308: determine whether the unique mark or the login information exists in the application server and, if it does not, redirect to the login interface.
The user's login information and the corresponding unique mark are recorded in the application server, and the recorded unique mark and login information are cleared when the user logs out. When the client sends a request, the server checks whether the user's login information and/or unique mark can be found. If not, the earlier login has been logged out, so the request is redirected to the login interface and the user must log in again. This prevents the identity conflicts and operation conflicts that arise when, after user A is logged out in tab 1, tab 2 can still log in with user A's identity.
In the above technical solution, preferably, the step of storing the unique mark in correspondence with the user's login information may further include:
storing the unique mark in correspondence with the user's login information in a hash table; and the step of determining whether the unique mark or the login information exists in the application server further includes: if the unique mark or the login information does not exist in the hash table, prompting the client that the login has been logged out. When redirecting to the login interface, a friendly prompt can be shown: the default account has been logged out, please log in again.
In any of the above technical solutions, preferably, the method may further include: intercepting the request by means of an HttpModule.
In any of the above technical solutions, preferably, the method may further include: if the unique mark or the login information exists, processing the intercepted request. If a record of the unique mark and the login information exists, the user account has not been logged out and the same person is still operating, so the client's request can be processed normally.
In any of the above technical solutions, preferably, the application server is a server based on a B/S architecture system.
By having the application server intercept the requests initiated by all clients, the present invention determines whether the identity of the initiator of the current request is still legitimate. If it is, the request is answered normally; otherwise, the client is notified in a friendly and intuitive way.
The present invention is applicable to all B/S systems and websites accessed through a browser. When different users access the same website with the same browser on the same client, operation and data conflicts can arise. With the technical solution of the invention, user requests can be intercepted and checked to determine whether the identity of the initiator of the current request is still legitimate. If it is, the request is answered normally; otherwise, the client is notified in a friendly and intuitive way, which prevents the conflict from occurring.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention. For those skilled in the art, the invention may be modified and varied in various ways. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (10)

1. An application server, characterized by comprising:
a control unit, configured to assign a unique mark to a user after the user logs in to the application server through a client, store the unique mark in correspondence with the user's login information, clear the unique mark and the login information when the user logs out, and determine whether the unique mark or the login information exists in the application server;
a communication unit, configured to return the unique mark or the login information to the client;
an interception unit, connected to the communication unit, configured to intercept the request sent by the client and obtain the unique mark or the login information from the request;
a redirection unit, connected to the control unit, configured to redirect to the login interface when the control unit determines that the obtained unique mark or login information does not exist.
2. The application server according to claim 1, characterized in that the control unit is further configured to store the unique mark in correspondence with the user's login information in a hash table;
the application server further comprises: a prompt unit, configured to prompt the client that the login has been logged out when the control unit determines that the unique mark or the login information does not exist in the hash table.
3. The application server according to claim 1, characterized in that the interception unit is further configured to intercept the request by means of an HttpModule.
4. The application server according to claim 1, characterized by further comprising:
a processing unit, configured to process the intercepted request when the control unit determines that the unique mark or the login information exists.
5. The application server according to any one of claims 1 to 4, characterized in that the application server is a server based on a B/S architecture system.
6. A request processing method, characterized by comprising:
after a user logs in to an application server through a client, the application server assigning a unique mark to the user, storing the unique mark in correspondence with the user's login information, and returning the unique mark or the login information to the client;
when the user logs out, the application server clearing the unique mark and the login information;
the application server intercepting the request sent by the client and obtaining the unique mark or the login information from the request;
the application server determining whether the unique mark or the login information exists in the application server and, if it does not exist, redirecting to the login interface.
7. The request processing method according to claim 6, characterized in that the step of storing the unique mark in correspondence with the user's login information further comprises: storing the unique mark in correspondence with the user's login information in a hash table;
the step of determining whether the unique mark or the login information exists in the application server further comprises: if the unique mark or the login information does not exist in the hash table, prompting the client that the login has been logged out.
8. The request processing method according to claim 6, characterized by further comprising:
intercepting the request by means of an HttpModule.
9. The request processing method according to claim 6, characterized by further comprising:
if the unique mark or the login information exists, processing the intercepted request.
10. The request processing method according to any one of claims 6 to 9, characterized in that the application server is a server based on a B/S architecture system.
Priority Applications (1)

  • Application number: CN201310397313.0A
  • Priority date: 2013-09-04
  • Filing date: 2013-09-04
  • Title: Application server and request processing method
  • Status: Active

Publications (2)

  • CN103491141A, published 2014-01-01
  • CN103491141B, published 2018-07-24

Family

  • ID: 49831094
  • Family applications (1): CN201310397313.0A
  • Country status (1): CN, CN103491141B (en)

Legal Events

  • C06: Publication
  • PB01: Publication
  • C10: Entry into substantive examination
  • SE01: Entry into force of request for substantive examination
  • C41: Transfer of patent application or patent right or utility model
  • TA01: Transfer of patent application right
      Effective date of registration: 20160128
      Address after: 100094 Beijing City, North Road, Haidian District, No. 68, building 2, floor 2
      Applicant after: You Pu Information Technology Co., Ltd of UFSOFT
      Address before: 100094 Beijing city Haidian District North Road No. 68, UFIDA Software Park
      Applicant before: UFIDA Software Co., Ltd.
  • GR01: Patent grant