CN106603713B - Session management method and system - Google Patents
Session management method and system Download PDFInfo
- Publication number
- CN106603713B CN106603713B CN201611266512.8A CN201611266512A CN106603713B CN 106603713 B CN106603713 B CN 106603713B CN 201611266512 A CN201611266512 A CN 201611266512A CN 106603713 B CN106603713 B CN 106603713B
- Authority
- CN
- China
- Prior art keywords
- cache
- server
- session
- client
- version number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
Abstract
The invention discloses a session management method, which comprises the following steps: when a session request sent by a client is received, a session token and a cache version number carried by the session request are obtained; searching a server cache corresponding to the session token locally in a server; if the server cache corresponding to the session token is found successfully, judging whether the server cache is the latest version according to the cache version number; and if the server cache corresponding to the session token is not found or the server cache is not the latest version, obtaining the server cache corresponding to the session token from the distributed cache cluster, and performing session operation according to the session request. The invention also discloses a session management system. The invention realizes the session management when WEB applies multiple servers.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a session management method and system.
Background
With the explosion of the internet, more and more enterprises and government agencies have built WEB (World wide WEB) applications to provide services for users. Since a user can access the WEB Application through a browser, the operation is convenient and fast, and a corresponding APP (Application, Application software) does not need to be specially installed, more and more users also select to use the WEB Application.
With the increasing amount of access to the WEB application, a single server cannot be competent for a WEB application system with large concurrency and strong reliability, so that a distributed WEB application server cluster is generally adopted to provide support for the service of the WEB application, and the service processing efficiency is improved. Because the distributed WEB application server cluster comprises a plurality of servers, multiple requests of the same user client can be processed by different servers, at the moment, different servers need to identify the client according to session data, the client continues to provide service support, and the situations of multiple login and the like of the client are avoided.
At present, the session management schemes for multiple servers mainly include: session Stick, Session replication, Session centralized management, Cookie-based management, and the like. However, these management schemes have the risks of single point problem, large memory occupation, high network overhead, low security, and the like, and cannot meet the session management requirements of multiple servers.
Disclosure of Invention
The invention mainly aims to provide a session management method and a session management system, and aims to solve the technical problem that risk exists in session management when multiple servers are applied to WEB.
In order to achieve the above object, the present invention provides a session management method, including the following steps:
when a session request sent by a client is received, a session token and a cache version number carried by the session request are obtained;
searching a server cache corresponding to the session token locally in a server;
if the server cache corresponding to the session token is found successfully, judging whether the server cache is the latest version according to the cache version number;
and if the server cache corresponding to the session token is not found or the server cache is not the latest version, obtaining the server cache corresponding to the session token from the distributed cache cluster, and performing session operation according to the session request.
Preferably, the session management method further includes:
if the server cache is modified according to the session request, updating the version number of the server cache;
returning the updated version number to the client side for the client side to update the cache version number;
and sending the session token and the modified server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the server cache stored in the distributed cache cluster.
Preferably, the step of acquiring the session token and the cache version number carried by the session request when receiving the session request sent by the client includes:
when a session request sent by a client is received, a session token and cache data carried by the session request are obtained;
analyzing the cache data according to a preset cache template to obtain plaintext cache, encrypted cache and/or server cache information, wherein the server cache information comprises a cache version number;
the session management method further comprises:
and if the plaintext cache and/or the encrypted cache is modified according to the session request, returning the modified plaintext cache and/or the modified encrypted cache to the client for updating by the client.
Preferably, the session management method further includes:
when a session request sent by a client is received, a session token carried by the session request, a key cached by a server required by session operation and a cached version number are obtained;
according to the session token and the key, locally searching a required server cache in a server;
if the required server cache is found successfully, judging whether the server cache is the latest version according to the cache version number;
and if the required server cache is not found or the server cache is not the latest version, acquiring the corresponding server cache from the distributed cache cluster according to the session token and the key, and performing session operation according to the session request.
Preferably, the session management method further includes:
and if the server cache found locally in the server is the latest version, performing session operation by using the found server cache.
In addition, to achieve the above object, the present invention also provides a session management system, including:
the analysis module is used for acquiring a session token and a cache version number carried by a session request when the session request sent by a client is received;
the searching module is used for locally searching a server cache corresponding to the session token in a server;
the judging module is used for judging whether the server cache is the latest version or not according to the cache version number if the server cache corresponding to the session token is found successfully;
and the operation module is used for acquiring the server cache corresponding to the session token from the distributed cache cluster and carrying out session operation according to the session request if the server cache corresponding to the session token is not found or the server cache is not the latest version.
Preferably, the session management system further includes:
a first updating module, configured to update a version number of the server cache if the server cache is modified according to the session request; returning the updated version number to the client side for the client side to update the cache version number; and sending the session token and the modified server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the server cache stored in the distributed cache cluster.
Preferably, the parsing module is further configured to,
when a session request sent by a client is received, a session token and cache data carried by the session request are obtained; analyzing the cache data according to a preset cache template to obtain plaintext cache, encrypted cache and/or server cache information, wherein the server cache information comprises a cache version number;
the session management system further includes:
and the second updating module is used for returning the modified plaintext cache and/or the modified encryption cache to the client side for updating by the client side if the plaintext cache and/or the modified encryption cache is modified according to the session request.
Preferably, the parsing module is further configured to,
when a session request sent by a client is received, a session token carried by the session request, a key cached by a server required by session operation and a cached version number are obtained;
the searching module is also used for locally searching a required server cache in the server according to the session token and the key;
the judging module is further used for judging whether the server cache is the latest version according to the cache version number if the required server cache is found successfully;
the operation module is further configured to, if the required server cache is not found or the server cache is not the latest version, obtain a corresponding server cache from the distributed cache cluster according to the session token and the key, and perform a session operation according to the session request.
Preferably, the operation module is further configured to,
and if the server cache found locally in the server is the latest version, performing session operation by using the found server cache.
According to the session management method and system provided by the embodiment of the invention, when a server receives a session request sent by a client, the server identifies the client by acquiring a session token and a cache version number carried by the session request, and acquires cache data corresponding to the client; then, a server cache corresponding to the session token of the client is searched locally in the server; if the server cache corresponding to the client session token is found locally in the server, whether the server cache is the latest version or not needs to be judged according to the cache version number; and if the server cache corresponding to the session token is not found or the found server cache is not the latest version, obtaining the server cache corresponding to the session token from the distributed cache cluster, and performing session operation according to the session request. The session cache data is stored in the server side, so that the safety of the cache data is guaranteed, and the size of cookie (cache) of the client side is not limited; because a plurality of servers are arranged in the application service cluster, the client can possibly carry out conversation with different servers, and in order to ensure that the servers can use the latest server cache when carrying out conversation operation, the invention configures the cache version number for the server cache to represent the version of the server cache and judge whether the server cache is the latest version. In addition, in order to reduce the burden of the servers for storing the cache data, each server only needs to store the session server cache of the client having the session with the server, and the server cache of the latest version is stored in the distributed cache cluster for the server to call. When the server receives the session request, the server cache stored locally is preferentially considered to be used, and only when the server does not locally have the server cache of the client or the local server cache version is not up-to-date, the server cache of the up-to-date version is pulled from the distributed cache cluster, so that the delay and instability caused by the fact that data is pulled from the distributed cache cluster every time are avoided; the distributed cache cluster adopts a distributed architecture, so that the condition that no data is available in the application cluster due to the fact that a single session server fails is avoided. Therefore, the invention ensures that the client accesses any one server in the WEB application cluster, and the server can use the latest version of cache data to perform session operation, thereby realizing session management when the WEB application is applied to multiple servers and avoiding the risks of single point problem, more memory occupation, high network overhead, low safety and the like in the management operation.
Drawings
FIG. 1 is a flowchart illustrating a session management method according to a first embodiment of the present invention;
FIG. 2 is a flowchart illustrating a session management method according to a second embodiment of the present invention;
FIG. 3 is a flowchart illustrating a session management method according to a third embodiment of the present invention;
FIG. 4 is a flowchart illustrating a session management method according to a fourth embodiment of the present invention;
FIG. 5 is a flowchart illustrating a fifth embodiment of a session management method according to the present invention;
fig. 6 is a functional module schematic diagram of the session management system according to the first embodiment, the fourth embodiment and the fifth embodiment of the present invention;
FIG. 7 is a functional block diagram of a session management system according to a second embodiment of the present invention;
FIG. 8 is a functional block diagram of a session management system according to a third embodiment of the present invention;
FIG. 9 is a schematic diagram of a session mode according to an embodiment of the present invention;
FIG. 10 is a diagram illustrating a server-side cache model according to an embodiment of the present invention;
fig. 11 is an application scenario interaction diagram in the embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, a first embodiment of a session management method according to the present invention provides a session management method, where the session management method includes:
step S10, when receiving a session request sent by a client, obtaining a session token and a cache version number carried by the session request.
The embodiment provides a session model based on a cache version and distributed cache, so that session management of multiple WEB application servers is realized, and various meeting management risks are effectively avoided.
Specifically, as an embodiment, when a client accesses a WEB application for the first time, a server providing service support for the client creates a session of the client, and configures a corresponding session token for the client, for example, a session token with a 64-bit string, for identifying a session and related data corresponding to the client. Based on the session token, the session data corresponding to the client can be uniquely found. It should be noted that the server in this embodiment refers to an application server in a WEB application server cluster.
And the server configures session cache data including data such as user name and password for the client according to needs, and stores the session cache data as a server cache locally in the server. And the corresponding relation between the server cache and the session token is configured, so that the corresponding server cache can be found according to the session token of the client and used for session operation.
After the server cache is configured, the server also needs to set the version number of the server cache and return the version number to the client; and the server caches the server side in the distributed cache cluster, and of course, the server can also store the corresponding version number. It should be noted that, when the server configures the version number for the client for the first time, the version number may be configured to be 0.
Thereafter, each time the server modifies the server cache, the version number of the server cache needs to be updated. Then, the server sends the updated server cache and the corresponding version number to the distributed cache cluster, and correspondingly updates the server cache and the version number in the distributed cache, so that the server cache and the version number in the distributed cache cluster are kept to be the latest version; and meanwhile, the version number cached by the server is returned to the client, and the client correspondingly updates the cached version number stored by the client.
It should be noted that, when the server updates the version number, the server may perform accumulation of a fixed value on the basis of the original version number, for example, when the server modifies the server cache each time, the server adds 1 to the version number of the server cache and returns the version number to the client, and the client updates the cache version number stored in the client according to the received version number; and meanwhile, the server sends the updated server cache and the corresponding version number to the distributed cache cluster for updating.
When a client initiates a session request to a WEB application server cluster, a session token and a stored cache version number of the client are configured into the session request.
The WEB application server cluster distributes the session request to the server therein for processing.
When receiving a session request of a client, a server analyzes the session request and acquires a session token and a cache version number carried in the session request.
It should be noted that the server configuring the session token for the client and the server currently providing service support for the client may be the same server or different servers.
And step S20, locally searching a server cache corresponding to the session token in the server.
When the server performs session operation and needs to use historical session data, the server firstly searches whether the session data of the client is stored in the server locally according to the session token of the client.
And if the corresponding server cache is not found in the local server according to the session token, indicating that the current client accesses the server for the first time.
If the corresponding server cache is found locally in the server according to the session token, it indicates that the current client does not access the server for the first time.
And step S30, if the server cache corresponding to the session token is found successfully, judging whether the server cache is the latest version according to the cache version number.
Because the client may also access other servers after accessing the server, if the other servers modify the server cache, the session data in the server may be old.
Therefore, it is necessary to determine whether the server cache stored locally in the server is the latest version, that is, whether the server cache stored locally in the server is available.
Specifically, as an implementation manner, first, a version number corresponding to a cache of a local server of a server is obtained.
Then, the server judges whether the version number cached by the local server side is larger than or equal to the cache version number cached by the client side.
If the version number of the local server cache is greater than or equal to the side cache version number of the client, the server cache stored locally by the server is the latest version and is available.
If the version number of the server-side cache is smaller than the cache version number of the client-side, the server-side cache locally stored by the server is not the latest version, the client-side may perform data interaction with other servers, other servers modify the server-side cache of the client-side, and the server-side cache locally stored by the server is unavailable.
Step S40, if the server cache corresponding to the session token is not found, or the server cache is not the latest version, obtaining the server cache corresponding to the session token from the distributed cache cluster, and performing a session operation according to the session request.
When the server cache corresponding to the client session token is not found locally in the server, the server cache is not available locally, and the server cache of the client needs to be searched from the distributed cache cluster.
When the local server cache of the server is not the latest version, the local server cache of the server is an old version and cannot be used, and the server also needs to search the server cache of the client from the distributed cache cluster.
Specifically, when the server cache of the client is searched in the distributed cache cluster, the corresponding server cache is searched according to the session token of the client, and the obtained file is the latest version of the server cache corresponding to the client.
Thereafter, the server may use the server cache to perform management operations on the session according to the session request, for example, restore a browsing page of the client according to the server cache, and the like.
And when the server returns the reply message to the client, the server carries out session renewal on the current session.
In this embodiment, when receiving a session request sent by a client, a server obtains a session token and a cache version number carried by the session request to identify the client and obtain cache data corresponding to the client; then, a server cache corresponding to the session token of the client is searched locally in the server; if the server cache corresponding to the client session token is found locally in the server, whether the server cache is the latest version or not needs to be judged according to the cache version number; and if the server cache corresponding to the session token is not found or the found server cache is not the latest version, obtaining the server cache corresponding to the session token from the distributed cache cluster, and performing session operation according to the session request. The embodiment stores the session cache data in the server, thereby ensuring the security of the cache data and being not limited by the size of cookie (cache) of the client; because there are multiple servers in the application service cluster, the client may have sessions with different servers, and in order to ensure that the server can use the latest server cache during session operation, this embodiment configures a cache version number for the server cache to represent the version of the server cache and determine whether the server cache is the latest version. In addition, in order to reduce the burden of the servers for storing the cache data, each server only needs to store the session server cache of the client having the session with the server, and the server cache of the latest version is stored in the distributed cache cluster for the server to call. When the server receives the session request, the server cache stored locally is preferentially considered to be used, and only when the server does not locally have the server cache of the client or the local server cache version is not up-to-date, the server cache of the up-to-date version is pulled from the distributed cache cluster, so that the delay and instability caused by the fact that data is pulled from the distributed cache cluster every time are avoided; the distributed cache cluster adopts a distributed architecture, so that the condition that no data is available in the application cluster due to the fact that a single session server fails is avoided. Therefore, the embodiment ensures that the client accesses any one server in the WEB application cluster, and the server can use the latest version of cache data to perform session operation, so that session management in the case of multiple WEB applications is realized, and the risks of single point problem, large memory occupation, high network overhead, low security and the like in the management operation are avoided.
Further, referring to fig. 2, a second embodiment of the session management method according to the present invention provides a session management method, based on the embodiment shown in fig. 1, the session management method further includes:
step S50, if the server cache is modified according to the session request, updating the version number of the server cache.
When the server performs session operation, if the server cache needs to be modified, the server needs to correspondingly update the version number of the server cache.
It should be noted that, when the server updates the version number, the server may perform accumulation of a fixed value on the basis of the original version number, for example, when the server modifies the server cache each time, the server cache adds 1 to the version number.
And step S60, returning the updated version number to the client side for the client side to update the cache version number.
After the server cache is modified and the version numbers are updated, the server configures the version numbers updated by the server cache into a reply message and returns the reply message to the client. Meanwhile, the server also needs to asynchronously renew the session by using the session token. When the description is needed, the session token needs to be written back by using the first-level domain name, so that the authority of the session token is guaranteed.
And the client updates the cache version number stored by the client according to the received version number, and then uses the updated cache version number when the client sends a session request.
Step S70, sending the session token and the modified server cache to the distributed cache cluster, so that the distributed cache cluster updates the server cache stored in the distributed cache cluster correspondingly.
After the server cache is modified and the version numbers are updated, the server also needs to send the modified server cache and the session token of the client to the distributed cache cluster.
And after receiving the modified server cache and the session token of the client, the distributed cache cluster updates all the server caches of the client into modified data according to the session token.
Further, the server sends the session token, the modified server cache and the updated version number to the distributed cache cluster, so that the distributed cache cluster updates the server cache stored in the distributed cache cluster correspondingly.
Therefore, the server cache in the distributed cache cluster is guaranteed to be the latest version all the time.
In this embodiment, if the server modifies the server cache according to the session request during the session operation, the server needs to update the version number of the server cache to identify the updated server cache; then, the server returns the updated version number to the client for the client to update the cache version number, so that the client can obtain the latest cache version number and can request to use the latest version of the server cache when a session request is carried out; meanwhile, the server sends the session token of the client and the modified server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the stored server cache, and the server cache in the distributed cache cluster is maintained at the latest version. In this embodiment, when the session operation modifies the server-side cache, the data in the client and the distributed cache are timely corresponded, so that the update management of the cache data in the session is realized, and it is ensured that the server in the WEB application server cluster can always perform the session operation using the latest version of the cache data.
Further, referring to fig. 3, a third embodiment of the session management method according to the present invention provides a session management method, based on the above embodiment shown in fig. 1 or fig. 2 (this embodiment takes fig. 1 as an example), where step S10 includes:
step S11, when receiving a session request sent by a client, acquiring a session token and cache data carried by the session request;
step S12, analyzing the cache data according to a preset cache template to obtain a plaintext cache, an encrypted cache and/or server side cache information, wherein the server side cache information comprises a cache version number;
the session management method further comprises:
step S80, if the plaintext cache and/or the encrypted cache is modified according to the session request, returning the modified plaintext cache and/or encrypted cache to the client for updating by the client.
In order to reduce the burden of the server, the client stores the cache data of part of the session in this embodiment.
Specifically, when the server configures the cache data for the client, the cache data is divided into three types: the system comprises a plaintext cache, an encryption cache and a server cache, and is used for recording session data in a classified manner.
The plaintext cache is configured to the client in plaintext form, and is generally unimportant and public data, such as a nickname of a user.
The encryption cache is configured to the client after the server encrypts the cache data. The encryption cache is important cache data which is not expected to be directly accessible by a third party, such as an internal ID of a user.
The server side caching means that only caching version numbers are configured to caching data of the client side, and actual caching data exist in the server side. The server cache is very important cache data, and if the cache data is leaked, the security of the system is affected, such as a login password and the like.
When the client sends a session request, the plaintext cache, the encryption cache and the server cache information stored in the session request are packaged to generate cache data, and the cache data are configured in the session request. In addition, it is also necessary to configure its session token into the session request.
When the server receives the session request, the server analyzes the session request to obtain the session token of the client and the cache data of the client.
And then, the server analyzes the cache data according to a preset cache template to obtain plaintext cache, encrypted cache and/or server cache information of the client. The server side cache information comprises a cache version number of the server side cache. Of course, the server may not parse the cached data first, and parse the cached data when the session operation is needed.
It should be noted that the server can directly use the plaintext cache; the encryption cache can be used after being decrypted by using a pre-configured secret key; and if the server cache exists, judging whether the local server cache is the latest version or not to obtain the latest version of the server cache.
And if the server modifies the plaintext cache and/or the encryption cache during session operation, the server configures the modified plaintext cache and/or the modified encryption cache into a reply message and returns the reply message to the client.
The client stores the modified plaintext cache and/or the modified encryption cache, and replaces the old version plaintext cache and/or the old version encryption cache stored before.
If the server modifies the server cache and updates the version of the server cache during session operation, the server configures the updated cache version number into the reply message and returns the reply message to the client. And meanwhile, the server sends the modified server cache to the distributed cache cluster for updating.
When various types of caches are adopted to store the session data, the configuration, calling and updating of the plaintext cache, the encryption cache and the server cache are independent.
In this embodiment, when receiving a session request sent by a client, a server obtains a session token and cache data carried by the session request; then, analyzing the cache data according to a preset cache template to obtain a plaintext cache, an encrypted cache and/or server cache information, wherein the server cache information comprises a cache version number; and if the server modifies the plaintext cache and/or the encrypted cache according to the session request during session operation, returning the modified plaintext cache and/or the modified encrypted cache to the client so that the client can update the cache data. The embodiment adopts a cache classification and version mechanism, classifies cache data according to the importance and safety of the data, only takes the very important cache data as the server cache to be stored in the server, and realizes that the data is safe and controllable by a light server and a heavy client because the data of the server is light. For the plaintext cache and the encryption cache configured to the client, the server can directly update the cache data of the client after the session operation is modified, so that the session efficiency is improved.
Further, referring to fig. 4, a fourth embodiment of the session management method according to the present invention provides a session management method, based on the embodiments shown in fig. 1, fig. 2, or fig. 3 (this embodiment takes fig. 1 as an example), where step S10 includes:
step S13, when receiving a session request sent by a client, acquiring a session token carried by the session request, and a key and a cache version number cached by a server required by session operation;
the step S20 includes:
step S21, according to the session token and the key, the server locally searches the needed server cache;
the step S30 includes:
step S31, if the required server cache is found successfully, judging whether the server cache is the latest version according to the cache version number;
the step S40 includes:
step S41, if the required server cache is not found, or the server cache is not the latest version, obtaining the corresponding server cache from the distributed cache cluster according to the session token and the key, and performing a session operation according to the session request.
When the server performs a session operation, only part of data in the session cache may be needed, instead of the whole session data, so that key-value may be used to distinguish different cache data in the same session data, where different keys correspond to different contents or types of cache data, a value corresponding to each key is the cache data content corresponding to each key, for example, a value corresponding to the key 123 is an account name, and a value corresponding to the key 456 is a login password.
Therefore, the session data of the same client may include values corresponding to a plurality of keys, that is, a server cache object corresponding to a plurality of keys.
The method comprises the steps that when a server receives a session request sent by a client, a session token carried by the session request is obtained; meanwhile, a cached key of the server required by the session operation and a cached version number of the required server need to be acquired according to the session request.
Then, the server searches the corresponding value locally in the server according to the obtained session token and the key, and the found value is taken as the current required server side for caching. Specifically, the server may first find a corresponding value according to the session token of the client; and finding out the value corresponding to the key from the values corresponding to the session token to serve as the required server cache.
If the corresponding server cache is successfully found according to the session token and the key, judging whether the found server cache is the latest version or not according to the cache version number of the server cache recorded by the client side and the version number of the server cache locally found in the server.
And if the server cache required by the session operation is not found according to the session token and the key, or the found server cache is not the latest version, searching the corresponding server cache from the distributed cache cluster according to the session token and the key, and performing the session operation.
Further, if the server cache is modified according to the session request during session operation, updating the version number of the server cache; returning the updated version number to the client side for the client side to update the cached version number; and sending the session token, the session key and the modified server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the stored server cache.
After receiving the session token and the key and the modified server cache, the distributed cache cluster firstly determines a value to be updated according to the session token and the key; the modified server cache is then used to update the value that needs to be updated.
Further, if the client locally stores plaintext cache, encrypted cache and/or server cache information, the following is correspondingly performed:
when receiving a session request sent by a client, a server acquires a session token and cache data carried by the session request; and analyzing the cache data according to a preset cache template to obtain plaintext cache, encrypted cache and/or server cache information, wherein the server information comprises keys corresponding to each server cache and cache version numbers.
And if the session operation needs to use the server cache, the server determines the cached key and the cached version number of the server required by the session operation according to the session request and the server cache information.
Then, according to the obtained session token and key, searching a required server cache locally in the server; if the required server cache is found successfully, judging whether the local server cache of the server is the latest version according to the cache version number; and if the required server cache is not found or the found server cache is not the latest version, acquiring the corresponding server cache from the distributed cache cluster according to the obtained session token and the key, and performing session operation according to the session request.
If the server modifies the server cache according to the session request, updating the version number of the server cache; returning the key corresponding to the server cache and the updated version number to the client for the client to update the cache version number in the server cache information; and simultaneously, sending the session token, the key corresponding to the server cache and the modified server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the server cache stored by the distributed cache cluster.
And if the server modifies the plaintext cache and/or the encrypted cache according to the session request, the second updating module caches the updated plaintext cache and/or the updated encrypted cache so that the client updates the cache data.
The updating of the plaintext cache, the encryption cache and the server cache are independent.
In this embodiment, when receiving a session request sent by a client, a server obtains a session token carried by the session request, and a key and a cache version number of a server cache required by a session operation, thereby determining a key corresponding to the server cache required by the session operation and a version number of the server cache required by the client; then, the server locally searches the required server cache according to the obtained session token and the key; if the required server cache is found successfully in the local server, judging whether the local server cache of the server is the latest version according to the cache version number recorded by the client side; if the required server cache is not found locally in the server or the server cache local to the server is not the latest version, the server acquires the corresponding server cache from the distributed cache cluster according to the obtained session token and the key, and performs session operation according to the session request. In this embodiment, the server cache is divided into multiple copies by using a key, and the server may only obtain the server cache required by the server, and may also only perform an update operation on the required server cache. In addition, the distributed cache cluster can support reading and updating of single or multiple session values, return of the whole session object is prevented, network consumption is reduced, and session efficiency is improved.
Further, referring to fig. 5, a fifth embodiment of the session management method according to the present invention provides a session management method, based on the embodiments shown in fig. 1, fig. 2, fig. 3, or fig. 4 (the embodiment takes fig. 1 as an example), the session management method further includes:
and step S90, if the server cache found locally in the server is the latest version, using the found server cache to perform session operation.
When the corresponding server cache is searched locally in the server according to the session token or is searched locally in the server according to the obtained session token and the key, if the corresponding server cache is found successfully and the found server cache stored locally in the server is the latest version and is available, the server uses the server cache local to the server to perform session operation.
If the server modifies the server cache according to the session request, updating the version number of the server cache; returning the updated version number to the client side for the client side to update the cached version number; and sending the session token of the client and the modified server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the server cache stored by the distributed cache cluster. Or
Returning the updated version number and the key corresponding to the server cache to the client for the client to update the cache version number; and sending the session token of the client, the modified server cache and the key corresponding to the server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the server cache stored by the distributed cache cluster
Further, referring to fig. 9, as a specific session mode, the session system includes a Client (Client), an Application Server (WEB Application), and a Distributed Memory Cache (Distributed Cache cluster).
The stored cookie includes three types, i.e., Normal (plaintext cache), Encrypt (encrypted cache), and Server (Server cache). Of course, a session token is also stored. The Name-Value relationship is used in all types of cache data to store the data, which is convenient for searching, for example, the ID in the plaintext cache is named as ID, and the corresponding Value is 108.
An Application Server (WEB Application) includes a Cookie Manager (cache Manager) and a Session Manager (Session Manager).
The Cookie Manager is used for performing Request Cookie Server (Request for cache analysis) according to a preset Cookie Template, performing Request Cookie Map (Request for cache mapping) on the cache obtained by analysis, and processing the cache to the Session Manager. Cookie Manager is also used for Response Cookie Writer (write-back cache data), including configuration and updating of Cookies.
The Session Manager is mainly used for Session Operation, Local Session management, and Distributed Session Agent.
And the Session Operation is used for carrying out Session Operation by using the cache data mapped by the Cookie Manager according to the Session request or processing the cache data.
Local Session is mainly used for version comparison, Session renewal, Session cleaning and the like. The version comparison means that the local server cache version number of the server is compared with the cache version number of the client side, and whether the local server cache of the server is the latest version is judged; the session renewal is used for replying to the client to renew the session; session cleaning is used to clean up expired sessions.
The Distributed Session Agent is mainly used for data acquisition, data updating, Session renewal and the like. The data acquisition means that when the server Cache version local to the server is not the latest version, the server Cache of the latest version is acquired from the Distributed Memory Cache; the data updating means that when the Cache of the server is modified, the Cache of the server in the Distributed Memory Cache is updated, so that the Cache of the server in the Distributed Memory Cache is maintained in the latest version; the session renewal refers to a Distributed session with the Distributed Memory Cache.
Referring to fig. 10, the server-side caching model includes a local session container and a distributed session container.
Both the local session container and the distributed session container are Hash structures, String being a Serializable object.
Two fields must be included in the serializable object elementary data structure: version number and update flag bit for writing back cookies. The server judges whether the server Cache in the server local is the latest version by using the version number, and if not, the server Cache is pulled from the Distributed session with the Distributed Memory Cache. If the server modifies the server cache, the version number is incremented by 1 and written back to the cookie while updating the data of the distributed session container.
The local session container adopts a HashTable structure, uses a character string as a Key and a serializable object as a Value; the Distributed session container, namely the Distributed Memory Cache and the Distributed Cache cluster, can adopt a Distributed Cache component, such as Redis, and can support reading and updating of single and multiple session values, so that the whole session object can be prevented from being returned when only a value corresponding to a certain key is called.
The Distributed Memory Cache includes the latest version of the client Cache of each client, and identifies and distinguishes the client caches of different clients by using Distributed Session keys (i.e., Session keys).
The same client may correspond to Value corresponding to multiple different keys, that is, the client cache objects corresponding to different keys.
Therefore, session management is realized through the Client, the Application Server and the Distributed Memory Cache.
Further, referring to fig. 11, as a specific application scenario, the Client sends a session Request to the application server.
The Cookie Manager carries out filter a request, the passer with Cookie template (carries out analysis according to the cache template), and the obtained cookies comprise three types of caches of normal Cookie value (plaintext cache), encrypt Cookie value (encryption cache) and server Cookie value (server side cache). The server cookie value records the version number of each server cache of the client and the corresponding key of each server cache.
The Cookie Manager puts the three types of caches into a Cookie pool, creates a create Cookie map, and maps the cache data in the Cookie pool to the Session Manager.
Then, the Session Manager performs Session Operation.
If the Session Manager needs to get Session data (call Session data), get value by type (determine the type of Session data that needs to be called).
If the plaintext cache or the encryption cache needs to be called, get the value from cookie (read from the cookie pool). If the server cache needs to be called, get value from local session (read from local); if the local server cache needing to be called exists, performing compare version, comparing the version number corresponding to the server cache on the client side with the local version number, and judging whether the local server cache is the latest version.
If the local server cache is the latest version, calling the local server cache; if not, getvalue from Distributed Session Agent pulls the latest version of server cache from the Distributed Session.
If the server cache needing to be called is not found locally, the get value from distributed Session Agent is obtained. If the distributed Session does not return the pulled cache data, the Session Manager needs to create a new server cache and configure the version number to be 0.
If the Session Manager needs set Session data (configuring Session data), including new creation and modification, a set by Session type (setting the type of Session data) is first set.
If set cookie normal data (configured with a plaintext cache) or set cookie encrypt data (configured with an encryption cache) is needed, mark in cookie map (marked in a cache map) is provided for set change inresponse (configuring an update into a reply message to a client), and furthermore, a renewal distribution is needed.
If the set cookie server data is needed (the server cache is configured), update localization (local server cache updating) and update distributed session (server cache updating) are needed, that is, synchronous updating of the server caches in the server local and distributed cache clusters is realized. It should be noted that the version number also needs to be updated correspondingly.
Thereby, session management is achieved.
In this embodiment, if the server cache found locally in the server is the latest version, the server performs a session operation using the found server cache. According to the embodiment, the local server cache of the server is preferentially used for session operation, network and system resources occupied by the server cache pulled from the distributed cache cluster are reduced, and the session management efficiency is improved.
Referring to fig. 6, a first embodiment of the session management system of the present invention provides a session management system including:
the analysis module 10 is configured to, when receiving a session request sent by a client, obtain a session token and a cache version number carried in the session request.
The embodiment provides a session model based on a cache version and distributed cache, so that session management of multiple WEB application servers is realized, and various meeting management risks are effectively avoided. The session management system may be deployed in a WEB application server.
Specifically, as an embodiment, when a client accesses a WEB application for the first time, a creating module in a server providing service support for the client creates a session of the client, and configures a corresponding session token for the client, for example, a session token with a 64-bit string, for identifying the session and related data corresponding to the client. Based on the session token, the session data corresponding to the client can be uniquely found. It should be noted that the server in this embodiment refers to an application server in a WEB application server cluster.
And the creating module configures session cache data including data such as user name and password for the client according to needs, and stores the session cache data as a server cache locally in the server. And the corresponding relation between the server cache and the session token is configured, so that the corresponding server cache can be found according to the session token of the client and used for session operation.
After the server cache is configured, the creating module also needs to set the version number of the server cache and return the version number to the client; and the creating module stores the server cache into the distributed cache cluster, and certainly, the creating module can also store a corresponding version number. It should be noted that, when the server configures the version number for the client for the first time, the version number may be configured to be 0.
Thereafter, each time the server modifies the server cache, the version number of the server cache needs to be updated. Then, the updated server cache and the corresponding version number are sent to the distributed cache cluster, and the server cache and the version number in the distributed cache are updated correspondingly, so that the server cache and the version number in the distributed cache cluster are kept to be the latest version; and meanwhile, the version number cached by the server is returned to the client, and the client correspondingly updates the cached version number stored by the client.
It should be noted that, when the server updates the version number, the server may perform accumulation of a fixed value on the basis of the original version number, for example, when the server modifies the server cache each time, the server adds 1 to the version number of the server cache and returns the version number to the client, and the client updates the cache version number stored in the client according to the received version number; and meanwhile, the server sends the updated server cache and the corresponding version number to the distributed cache cluster for updating.
When a client initiates a session request to a WEB application server cluster, a session token and a stored cache version number of the client are configured into the session request.
The WEB application server cluster distributes the session request to the server therein for processing.
When a session management system deployed in a server receives a session request from a client, an analysis module 10 analyzes the session request to obtain a session token and a cache version number carried in the session request.
It should be noted that the server configuring the session token for the client and the server currently providing service support for the client may be the same server or different servers.
And the searching module 20 is configured to locally search the server cache corresponding to the session token in the server.
When the server performs a session operation and needs to use the historical session data, the search module 20 firstly searches locally in the server whether the session data of the client is stored according to the session token of the client.
If the search module 20 does not find the corresponding server cache locally in the server according to the session token, it indicates that the current client accesses the server for the first time.
If the search module 20 finds the corresponding server cache locally in the server according to the session token, it indicates that the current client does not access the server for the first time.
And the determining module 30 is configured to, if the server cache corresponding to the session token is successfully found, determine whether the server cache is the latest version according to the cache version number.
Because the client may also access other servers after accessing the server, if the other servers modify the server cache, the session data in the server may be old.
Therefore, the determining module 30 needs to determine whether the server cache stored locally in the server is the latest version, that is, whether the server cache local to the server is available.
Specifically, as an embodiment, first, the determining module 30 obtains a version number corresponding to the local server cache of the server.
Then, the determining module 30 determines whether the version number of the local server cache is greater than or equal to the side cache version number of the client.
If the version number of the local server cache is greater than or equal to the cache version number of the client side, the server cache stored locally by the server is the latest version and is available.
If the version number of the local server cache is smaller than the cache version number of the client side, the version number of the server cache locally stored by the server is not the latest version, the client side may perform data interaction with other servers, other servers modify the server cache of the client side, and the server cache locally stored by the server is unavailable.
And the operation module 40 is configured to, if the server cache corresponding to the session token is not found, or the server cache is not the latest version, obtain the server cache corresponding to the session token from the distributed cache cluster, and perform a session operation according to the session request.
When the search module 20 does not find the server cache corresponding to the client session token locally in the server, no server cache locally is available locally in the server, and the operation module 40 needs to search the server cache of the client from the distributed cache cluster.
When the local server cache of the server is not the latest version, the local server cache of the server is an old version and cannot be used, and the operation module 40 also needs to search the server cache of the client from the distributed cache cluster.
Specifically, when the operation module 40 searches for the server cache of the client in the distributed cache cluster, the corresponding server cache is searched according to the session token of the client, and the obtained file is the latest version of the server cache corresponding to the client.
Thereafter, the operation module 40 may use the server cache to perform management operation on the session according to the session request, for example, restore the browsing page of the client according to the server cache.
And, the operation module 40 performs session renewal on the current session when returning the reply message to the client.
In this embodiment, when receiving a session request sent by a client, the parsing module 10 obtains a session token and a cache version number carried in the session request to identify the client and obtain cache data corresponding to the client; then, the search module 20 searches a server cache corresponding to the session token of the client locally in the server; if the server cache corresponding to the client session token is found locally in the server, the determining module 30 needs to determine whether the server cache is the latest version according to the cache version number; if the search module 20 does not find the server cache corresponding to the session token, or the found server cache is not the latest version, the server cache corresponding to the session token is obtained from the distributed cache cluster of the operation module 40, and the session operation is performed according to the session request. The embodiment stores the session cache data in the server, thereby ensuring the security of the cache data and being not limited by the size of cookie (cache) of the client; because there are multiple servers in the application service cluster, the client may have sessions with different servers, and in order to ensure that the server can use the latest server cache during session operation, this embodiment configures a cache version number for the server cache to represent the version of the server cache and determine whether the server cache is the latest version. In addition, in order to reduce the burden of the servers for storing the cache data, each server only needs to store the session server cache of the client having the session with the server, and the server cache of the latest version is stored in the distributed cache cluster for the server to call. When the server receives the session request, the server cache stored locally is preferentially considered to be used, and only when the server does not locally have the server cache of the client or the local server cache version is not up-to-date, the server cache of the up-to-date version is pulled from the distributed cache cluster, so that the delay and instability caused by the fact that data is pulled from the distributed cache cluster every time are avoided; the distributed cache cluster adopts a distributed architecture, so that the condition that no data is available in the application cluster due to the fact that a single session server fails is avoided. Therefore, the embodiment ensures that the client accesses any one server in the WEB application cluster, and the server can use the latest version of cache data to perform session operation, so that session management in the case of multiple WEB applications is realized, and the risks of single point problem, large memory occupation, high network overhead, low security and the like in the management operation are avoided.
Referring to fig. 7, a second embodiment of the session management system according to the present invention provides a session management system, which is characterized by further including:
a first updating module 50, configured to update the version number of the server-side cache if the server-side cache is modified according to the session request; returning the updated version number to the client side for the client side to update the cache version number; and sending the session token and the modified server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the server cache stored in the distributed cache cluster.
When the operation module 40 performs a session operation, if the server cache needs to be modified, the first updating module 50 needs to correspondingly update the version number of the server cache.
It should be noted that, when the first updating module 50 updates the version number, the first updating module 50 may perform accumulation of a fixed value on the basis of the original version number, for example, when the operation module 40 modifies the server cache each time, the first updating module 50 adds 1 to the version number of the server cache.
After modifying the server cache and updating the version numbers, the first updating module 50 configures the version numbers updated by the server cache into the reply message and returns the reply message to the client. At the same time, the first update module 50 also needs to asynchronously renew the session using the session token. When the description is needed, the session token needs to be written back by using the first-level domain name, so that the authority of the session token is guaranteed.
And the client updates the cache version number stored by the client according to the received version number, and then uses the updated cache version number when the client sends a session request.
After modifying the server cache and updating each version number, the first update module 50 needs to send the modified server cache and the session token of the client to the distributed cache cluster.
And after receiving the modified server cache and the session token of the client, the distributed cache cluster updates all the server caches of the client into modified data according to the session token.
Further, the first updating module 50 sends the session token, the modified server cache, and the updated version number to the distributed cache cluster, so that the distributed cache cluster updates the server cache stored in the distributed cache cluster correspondingly.
Therefore, the server cache in the distributed cache cluster is guaranteed to be the latest version all the time.
In this embodiment, if the operation module 40 modifies the server cache according to the session request during the session operation, the first updating module 50 needs to update the version number of the server cache to identify the updated server cache; then, the first updating module 50 returns the updated version number to the client for the client to update the cache version number, so that the client can obtain the latest cache version number and can request to use the latest server cache when a session request is made; meanwhile, the first updating module 50 sends the session token of the client and the modified server cache to the distributed cache cluster, so that the distributed cache cluster updates the stored server cache correspondingly, and the server cache in the distributed cache cluster is guaranteed to be maintained in the latest version. In this embodiment, when the session operation modifies the server-side cache, the data in the client and the distributed cache are timely corresponded, so that the update management of the cache data in the session is realized, and it is ensured that the server in the WEB application server cluster can always perform the session operation using the latest version of the cache data.
Further, referring to fig. 8, a third embodiment of the session management system of the present invention provides a session management system, based on the above-mentioned embodiment shown in fig. 6 or fig. 7 (taking fig. 6 as an example in this embodiment), the parsing module 10 is further configured to,
when a session request sent by a client is received, a session token and cache data carried by the session request are obtained; analyzing the cache data according to a preset cache template to obtain plaintext cache, encrypted cache and/or server cache information, wherein the server cache information comprises a cache version number;
the session management system further includes:
a second updating module 60, configured to, if the plaintext cache and/or the encrypted cache is modified according to the session request, return the modified plaintext cache and/or encrypted cache to the client, so as to provide for the client to update.
In order to reduce the burden of the server, the client stores the cache data of part of the session in this embodiment.
Specifically, when the configuration module of the server configures the cache data for the client, the cache data is divided into three types: the system comprises a plaintext cache, an encryption cache and a server cache, and is used for recording session data in a classified manner.
The plaintext cache is configured to the client in plaintext form, and is generally unimportant and public data, such as a nickname of a user.
The encryption cache is configured to the client after the server encrypts the cache data. The encryption cache is important cache data which is not expected to be directly accessible by a third party, such as an internal ID of a user.
The server side caching means that only caching version numbers are configured to caching data of the client side, and actual caching data exist in the server side. The server cache is very important cache data, and if the cache data is leaked, the security of the system is affected, such as a login password and the like.
When the client sends a session request, the plaintext cache, the encryption cache and the server cache information stored in the session request are packaged to generate cache data, and the cache data are configured in the session request. In addition, it is also necessary to configure its session token into the session request.
When receiving the session request, the parsing module 10 parses the session request to obtain the session token of the client and the cache data of the client.
Then, the parsing module 10 parses the cache data according to a preset cache template to obtain plaintext cache, encrypted cache and/or server cache information of the client. The server side cache information comprises a cache version number of the server side cache. Of course, the parsing module 10 may not parse the cached data first, and then parse the cached data when the session operation is needed.
It should be noted that the operation module 40 may directly use the plaintext buffer; the operation module 40 decrypts the encrypted cache by using the pre-configured secret key, and then can use the encrypted cache; if the server cache exists, the searching module 20 needs to preferentially search whether the local server cache corresponding to the session token of the client exists, and if the local server cache exists, the determining module 30 determines whether the local server cache is the latest version so as to obtain the latest version of the server cache.
If the operation module 40 modifies the plaintext cache and/or the encrypted cache during the session operation, the second updating module 60 configures the modified plaintext cache and/or the modified encrypted cache into the reply message, and returns the reply message to the client.
The client stores the modified plaintext cache and/or the modified encryption cache, and replaces the old version plaintext cache and/or the old version encryption cache stored before.
If the operation module 40 modifies the server cache and the first update module 50 updates the version of the server cache during the session operation, the first update module 50 configures the updated cache version number into the reply message and returns the reply message to the client. Meanwhile, the first updating module 50 sends the modified server cache to the distributed cache cluster for updating.
When various types of caches are adopted to store the session data, the configuration, calling and updating of the plaintext cache, the encryption cache and the server cache are independent.
In this embodiment, when receiving a session request sent by a client, the parsing module 10 obtains a session token and cache data carried in the session request; then, the parsing module 10 parses the cache data according to a preset cache template to obtain a plaintext cache, an encrypted cache and/or server-side cache information, where the server-side cache information includes a cache version number; if the server modifies the plaintext cache and/or the encrypted cache according to the session request during the session operation, the second updating module 60 returns the modified plaintext cache and/or the modified encrypted cache to the client, so that the client can update the cache data. The embodiment adopts a cache classification and version mechanism, classifies cache data according to the importance and safety of the data, only takes the very important cache data as the server cache to be stored in the server, and realizes that the data is safe and controllable by a light server and a heavy client because the data of the server is light. For the plaintext cache and the encryption cache configured to the client, the server can directly update the cache data of the client after the session operation is modified, so that the session efficiency is improved.
Further, referring to fig. 6, a fourth embodiment of the session management system of the present invention provides a session management system, based on the first, second or third embodiments of the session management system of the present invention (this embodiment takes the first embodiment of the session management system of the present invention as an example), the parsing module 10 is further configured to,
when a session request sent by a client is received, a session token carried by the session request, a key cached by a server required by session operation and a cached version number are obtained;
the search module 20 is further configured to search, according to the session token and the key, a required server cache locally in the server;
the determining module 30 is further configured to determine whether the server-side cache is the latest version according to the cache version number if the required server-side cache is found successfully;
the operation module 40 is further configured to, if the required server cache is not found or the server cache is not the latest version, obtain a corresponding server cache from the distributed cache cluster according to the session token and the key, and perform a session operation according to the session request.
When the server performs a session operation, only part of data in the session cache may be needed, instead of the whole session data, so that key-value may be used to distinguish different cache data in the same session data, where different keys correspond to different contents or types of cache data, a value corresponding to each key is the cache data content corresponding to each key, for example, a value corresponding to the key 123 is an account name, and a value corresponding to the key 456 is a login password.
Therefore, the session data of the same client may include values corresponding to a plurality of keys, that is, a server cache object corresponding to a plurality of keys.
When receiving a session request sent by a client, analyzing a session token carried by the session request of the module 10; meanwhile, the parsing module 10 further needs to obtain a cached key of the server required by the session operation and a cached version number of the required server according to the session request.
Then, the search module 20 searches for a corresponding value locally in the server according to the obtained session token and the key, and caches the found value as a currently required server. Specifically, the search module 20 may first find a corresponding value according to the session token of the client; and finding out the value corresponding to the key from the values corresponding to the session token to serve as the required server cache.
If the corresponding server cache is successfully found according to the session token and the key, the determining module 30 determines whether the found server cache is the latest version according to the cache version number of the server cache recorded on the client side and the version number of the server cache found locally on the server.
If the server cache required by the session operation is not found according to the session token and the key, or the found server cache is not the latest version, the operation module 40 searches the corresponding server cache from the distributed cache cluster according to the session token and the key, and performs the session operation.
Further, if the server cache is modified according to the session request during the session operation, the first updating module 50 updates the version number of the server cache; the first updating module 50 returns the updated version number to the client side for the client side to update the cache version number; the first updating module 50 sends the session token and key, and the modified server cache to the distributed cache cluster, so that the distributed cache cluster updates its stored server cache correspondingly.
After receiving the session token and the key and the modified server cache, the distributed cache cluster firstly determines a value to be updated according to the session token and the key; the modified server cache is then used to update the value that needs to be updated.
Further, if the client locally stores plaintext cache, encrypted cache and/or server cache information, the following is correspondingly performed:
when receiving a session request sent by a client, an analysis module 10 obtains a session token and cache data carried by the session request; the parsing module 10 parses the cached data according to a preset caching template to obtain plaintext caching, encrypted caching and/or server caching information, where the server information includes keys corresponding to the servers and caching version numbers.
If the session operation needs to use the server cache, the parsing module 10 determines the key and the cache version number of the server cache needed by the session operation according to the session request and the server cache information.
Then, the searching module 20 searches the required server cache locally in the server according to the obtained session token and key; if the required server cache is found successfully, the determining module 20 determines whether the local server cache of the server is the latest version according to the cache version number; if the required server cache is not found or the found server cache is not the latest version, the operation module 40 obtains the corresponding server cache from the distributed cache cluster according to the obtained session token and key, and performs session operation according to the session request.
If the operation module 40 modifies the server cache according to the session request, the first updating module 50 updates the version number of the server cache; returning the key corresponding to the server cache and the updated version number to the client for the client to update the cache version number in the server cache information; meanwhile, the first updating module 50 sends the session token, the key corresponding to the server cache, and the modified server cache to the distributed cache cluster, so that the distributed cache cluster updates the server cache stored in the distributed cache cluster correspondingly.
If the operation module 40 modifies the plaintext cache and/or the encrypted cache according to the session request, the second updating module updates the updated plaintext cache and/or the updated encrypted cache so that the client updates the cache data.
The updating of the plaintext cache, the encryption cache and the server cache are independent.
In this embodiment, when receiving a session request sent by a client, a server obtains a session token carried by the session request, and a key and a cache version number of a server cache required by a session operation, thereby determining a key corresponding to the server cache required by the session operation and a version number of the server cache required by the client; then, the server locally searches the required server cache according to the obtained session token and the key; if the required server cache is found successfully in the local server, judging whether the local server cache of the server is the latest version according to the cache version number recorded by the client side; if the required server cache is not found locally in the server or the server cache local to the server is not the latest version, the server acquires the corresponding server cache from the distributed cache cluster according to the obtained session token and the key, and performs session operation according to the session request. In this embodiment, the server cache is divided into multiple copies by using a key, and the server may only obtain the server cache required by the server, and may also only perform an update operation on the required server cache. In addition, the distributed cache cluster can support reading and updating of single or multiple session values, return of the whole session object is prevented, network consumption is reduced, and session efficiency is improved.
Further, referring to fig. 6, a fifth embodiment of the session management system of the present invention provides a session management system, based on the above first, second, third or fourth embodiments of the session management system of the present invention (the present embodiment takes the first embodiment of the session management system of the present invention as an example), the operation module 40 is further configured to,
and if the server cache found locally in the server is the latest version, performing session operation by using the found server cache.
When the corresponding server cache is searched locally in the server according to the session token or when the corresponding server cache is searched locally in the server according to the obtained session token and key, if the search module 20 successfully finds the corresponding server cache and finds that the server cache stored locally in the server is the latest version and is available, the operation module 40 performs a session operation using the server cache local to the server.
If the operation module 40 modifies the server cache according to the session request, the first updating module 40 updates the version number of the server cache; returning the updated version number to the client side for the client side to update the cached version number; and sending the session token of the client and the modified server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the server cache stored by the distributed cache cluster. Or
The first updating module 40 returns the updated version number and the key corresponding to the server cache to the client for the client to update the cache version number; and sending the session token of the client, the modified server cache and the key corresponding to the server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the server cache stored by the distributed cache cluster.
In this embodiment, if the server cache found locally in the server is the latest version, the operation module 40 performs a session operation using the found server cache. According to the embodiment, the local server cache of the server is preferentially used for session operation, network and system resources occupied by the server cache pulled from the distributed cache cluster are reduced, and the session management efficiency is improved.
The above description is only an alternative embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A session management method, characterized in that the session management method comprises the steps of:
when a session request sent by a client is received, a session token and a cache version number carried by the session request are obtained;
locally searching a server cache corresponding to the session token in an application server in a WEB application server cluster;
if the server cache corresponding to the session token is found successfully, judging whether the server cache is the latest version according to the cache version number;
and if the server cache corresponding to the session token is not found or the server cache is not the latest version, obtaining the server cache corresponding to the session token from the distributed cache cluster, and performing session operation according to the session request.
2. The session management method according to claim 1, wherein the session management method further comprises:
if the server cache is modified according to the session request, updating the version number of the server cache;
returning the updated version number to the client side for the client side to update the cache version number;
and sending the session token and the modified server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the server cache stored in the distributed cache cluster.
3. The session management method according to claim 1, wherein the step of obtaining the session token and the cache version number carried by the session request when receiving the session request sent by the client comprises:
when a session request sent by a client is received, a session token and cache data carried by the session request are obtained;
analyzing the cache data according to a preset cache template to obtain plaintext cache, encrypted cache and/or server cache information, wherein the server cache information comprises a cache version number;
the session management method further comprises:
and if the plaintext cache and/or the encrypted cache is modified according to the session request, returning the modified plaintext cache and/or the modified encrypted cache to the client for updating by the client.
4. The session management method according to claim 1, wherein the session management method further comprises:
when a session request sent by a client is received, a session token carried by the session request, a key cached by a server required by session operation and a cached version number are obtained;
according to the session token and the key, locally searching a required server cache in an application server in a WEB application server cluster;
if the required server cache is found successfully, judging whether the server cache is the latest version according to the cache version number;
and if the required server cache is not found or the server cache is not the latest version, acquiring the corresponding server cache from the distributed cache cluster according to the session token and the key, and performing session operation according to the session request.
5. The session management method according to any of claims 1-4, wherein the session management method further comprises:
and if the server cache locally found by the application server in the WEB application server cluster is the latest version, performing session operation by using the found server cache.
6. A session management system, characterized in that the session management system comprises:
the analysis module is used for acquiring a session token and a cache version number carried by a session request when the session request sent by a client is received;
the searching module is used for locally searching a server cache corresponding to the session token in an application server in a WEB application server cluster;
the judging module is used for judging whether the server cache is the latest version or not according to the cache version number if the server cache corresponding to the session token is found successfully;
and the operation module is used for acquiring the server cache corresponding to the session token from the distributed cache cluster and carrying out session operation according to the session request if the server cache corresponding to the session token is not found or the server cache is not the latest version.
7. The session management system of claim 6, wherein the session management system further comprises:
a first updating module, configured to update a version number of the server cache if the server cache is modified according to the session request; returning the updated version number to the client side for the client side to update the cache version number; and sending the session token and the modified server cache to the distributed cache cluster so that the distributed cache cluster can correspondingly update the server cache stored in the distributed cache cluster.
8. The session management system of claim 6, wherein the parsing module is further to,
when a session request sent by a client is received, a session token and cache data carried by the session request are obtained; analyzing the cache data according to a preset cache template to obtain plaintext cache, encrypted cache and/or server cache information, wherein the server cache information comprises a cache version number;
the session management system further includes:
and the second updating module is used for returning the modified plaintext cache and/or the modified encryption cache to the client side for updating by the client side if the plaintext cache and/or the modified encryption cache is modified according to the session request.
9. The session management system of claim 6, wherein the parsing module is further to,
when a session request sent by a client is received, a session token carried by the session request, a key cached by a server required by session operation and a cached version number are obtained;
the searching module is further used for locally searching a required server cache in an application server in a WEB application server cluster according to the session token and the key;
the judging module is further used for judging whether the server cache is the latest version according to the cache version number if the required server cache is found successfully;
the operation module is further configured to, if the required server cache is not found or the server cache is not the latest version, obtain a corresponding server cache from the distributed cache cluster according to the session token and the key, and perform a session operation according to the session request.
10. The session management system according to any of claims 6-9, wherein the operation module is further configured to,
and if the server cache locally found by the application server in the WEB application server cluster is the latest version, performing session operation by using the found server cache.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611266512.8A CN106603713B (en) | 2016-12-29 | 2016-12-29 | Session management method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611266512.8A CN106603713B (en) | 2016-12-29 | 2016-12-29 | Session management method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106603713A CN106603713A (en) | 2017-04-26 |
| CN106603713B true CN106603713B (en) | 2020-09-22 |
Family
ID=58581934
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611266512.8A Active CN106603713B (en) | 2016-12-29 | 2016-12-29 | Session management method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106603713B (en) |
Families Citing this family (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109150936A (en) * | 2017-06-19 | 2019-01-04 | 北京宝兰德软件股份有限公司 | The sharing method and device of session object Session in a kind of distributed type assemblies |
| CN109495532A (en) * | 2017-09-13 | 2019-03-19 | 北京京东尚科信息技术有限公司 | Client update method and device |
| CN108924266A (en) * | 2018-08-24 | 2018-11-30 | 郑州云海信息技术有限公司 | A kind of client request separation management method and device based on distributed file system |
| CN109587251A (en) * | 2018-12-07 | 2019-04-05 | 用友网络科技股份有限公司 | Session access method and server |
| CN110119409A (en) * | 2019-05-23 | 2019-08-13 | 武汉神算云信息科技有限责任公司 | Cache design method, device, equipment and storage medium in Distributed Application |
| CN110493308B (en) * | 2019-07-08 | 2023-05-30 | 中国平安人寿保险股份有限公司 | Distributed consistency system session method and device, storage medium and server |
| CN110381078B (en) * | 2019-07-29 | 2021-10-26 | 迈普通信技术股份有限公司 | Method and device for determining token duration, electronic equipment and storage medium |
| CN110471868A (en) * | 2019-08-21 | 2019-11-19 | 携程旅游信息技术(上海)有限公司 | Improve method, system, equipment and the medium of SOA interface response speed |
| CN111010603A (en) * | 2019-12-18 | 2020-04-14 | 浙江大华技术股份有限公司 | Video caching and forwarding processing method and device |
| CN111372092B (en) * | 2020-03-04 | 2022-03-04 | 北京字节跳动网络技术有限公司 | Communication link establishing method, device, equipment and storage medium |
| CN111563005B (en) * | 2020-04-02 | 2023-05-19 | 苏宁云计算有限公司 | Cookie data processing method and device, computer equipment and storage medium |
| CN111953580B (en) * | 2020-07-17 | 2022-07-26 | 上海泛微网络科技股份有限公司 | Method, device and storage medium for sending and acquiring session |
| CN112131241A (en) * | 2020-09-30 | 2020-12-25 | 上海众言网络科技有限公司 | System quota real-time statistical method, device, equipment and storage medium |
| CN113259475B (en) * | 2021-06-10 | 2021-11-05 | 大汉软件股份有限公司 | Distributed session processing system and method based on micro-service architecture |
| CN114979234A (en) * | 2022-04-22 | 2022-08-30 | 中国工商银行股份有限公司 | Session control sharing method and system in distributed cluster system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102244652A (en) * | 2010-05-13 | 2011-11-16 | 阿里巴巴集团控股有限公司 | Method and system for generating session information and application server |
| CN103841111A (en) * | 2014-03-17 | 2014-06-04 | 北京京东尚科信息技术有限公司 | Method for preventing data from being submitted repeatedly and server |
| CN104753987A (en) * | 2013-12-26 | 2015-07-01 | 北京东方通科技股份有限公司 | Distributed session management method and system |
| CN105141676A (en) * | 2015-08-11 | 2015-12-09 | 北京思特奇信息技术股份有限公司 | Session persistence sharing method and session persistence sharing system under multiple servers |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7979909B2 (en) * | 2007-12-03 | 2011-07-12 | Wells Fargo Bank | Application controlled encryption of web browser data |
| US20150188900A1 (en) * | 2013-12-31 | 2015-07-02 | Digital River, Inc. | Session managment in a multi-tenant, multi-data center environment system and method |
-
2016
- 2016-12-29 CN CN201611266512.8A patent/CN106603713B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102244652A (en) * | 2010-05-13 | 2011-11-16 | 阿里巴巴集团控股有限公司 | Method and system for generating session information and application server |
| CN104753987A (en) * | 2013-12-26 | 2015-07-01 | 北京东方通科技股份有限公司 | Distributed session management method and system |
| CN103841111A (en) * | 2014-03-17 | 2014-06-04 | 北京京东尚科信息技术有限公司 | Method for preventing data from being submitted repeatedly and server |
| CN105141676A (en) * | 2015-08-11 | 2015-12-09 | 北京思特奇信息技术股份有限公司 | Session persistence sharing method and session persistence sharing system under multiple servers |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106603713A (en) | 2017-04-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106603713B (en) | Session management method and system | |
| US11647097B2 (en) | Providing access to managed content | |
| US6823391B1 (en) | Routing client requests to back-end servers | |
| JP5183214B2 (en) | System and method for performing caching of dynamically generated objects in a network | |
| US9747340B2 (en) | Method and system of using a local hosted cache and cryptographic hash functions to reduce network traffic | |
| CN105393220B (en) | System and method for disposing dotted virtual server in group system | |
| US10061852B1 (en) | Transparent proxy tunnel caching for database access | |
| US8739255B2 (en) | Replicating selected secrets to local domain controllers | |
| US20060123121A1 (en) | System and method for service session management | |
| JP2010015556A (en) | Method and device for transaction processing conscious of distributed application context | |
| CN108429785A (en) | A kind of generation method, reptile recognition methods and the device of reptile identification encryption string | |
| CN109167850A (en) | A kind of method, apparatus and storage medium of determining CDN service operator | |
| US7051201B2 (en) | Securing cached data in enterprise environments | |
| US8826026B2 (en) | Systems and methods for tracking electronic files in computer networks using electronic signatures | |
| CN115277196A (en) | Distributed resource discovery unified management method | |
| US8364655B2 (en) | Hybrid off-peak and just-in-time integration | |
| WO2017092356A1 (en) | Server, method and system for providing service data | |
| JP2000172645A (en) | Server computer and certificate information managing method for the same | |
| CN112637316B (en) | Communication method and device | |
| CN114710336B (en) | Safe communication method and system independent of Internet of things platform | |
| Kafle et al. | Directory service for mobile IoT applications | |
| US9686228B2 (en) | Integrated just-in-time synchronization | |
| Funasaka et al. | PFTPD: An FTP proxy system to assure the freshness of files | |
| CN116318841A (en) | Micro-application account login-free method based on Web multi-level cache | |
| Naumenko | Some recommendations on building proxy caching service |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |