CN107483466B - User login verification method and device in Web application - Google Patents
User login verification method and device in Web application Download PDFInfo
- Publication number
- CN107483466B CN107483466B CN201710765991.6A CN201710765991A CN107483466B CN 107483466 B CN107483466 B CN 107483466B CN 201710765991 A CN201710765991 A CN 201710765991A CN 107483466 B CN107483466 B CN 107483466B
- Authority
- CN
- China
- Prior art keywords
- user
- client
- stored
- verification
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims abstract description 154
- 238000000034 method Methods 0.000 title claims abstract description 44
- 230000002159 abnormal effect Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000002427 irreversible effect Effects 0.000 description 2
- 230000009191 jumping Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a device for verifying user login in Web application.A user is verified whether to be allowed to log in or not according to verification data of the user, which is stored in a client, when a session request of the user, which is sent by the client, is received; if the user verification data stored in the client side is consistent with the user verification data currently stored in the server side, allowing the user to log in; if the verification number is inconsistent with the user verification number stored in the client, the verification is failed, whether the user verification number stored in the client is consistent with the user verification number currently stored in the server is further judged, and if the user verification number is inconsistent with the user verification number stored in the server, information for requiring the user to input a password for verification is returned to the client. The user login authentication method and device in the Web application do not need to input passwords every time a user accesses the Web application, and the passwords of the user are not stored in the client, so that the security of user login information is guaranteed.
Description
Technical Field
The invention relates to the technical field of Web application, in particular to a user login verification method and device in Web application.
Background
In the Web application, a user login function is the most basic function, but because a commonly adopted network Protocol such as a hypertext Transfer Protocol (HTTP) is a stateless Protocol, that is, the Protocol cannot record the access state of a user, each request is independent and unrelated, a Web site is designed into a plurality of pages, a server side needs to verify the user in the page jumping process, and verify whether the user is allowed to log in, so that the user can know whether to have the right to operate some functions or view some data after the page jumping.
Therefore, it is a problem to be faced in Web applications to verify whether a user can be permitted to log in when the user accesses a page. In order to improve user experience, a user cannot input a user name and a password again every time the user accesses a page, in the prior art, a cache file of a browser is used for storing login information of the user in a cache file of a client, so that the user obtains the login information of the user from the cache file to verify when accessing the page, and whether the user is allowed to login or not is verified. However, the method has many hidden dangers, firstly, the Web application allows the browser cache file to memorize the password of the user, and the browser cache file has no security measures, so obviously, the password is easy to steal, and even if the password is stored in an encrypted way, if the stealer copies the whole cache file, the stealer can log in the cache file without inputting the password on other equipment.
Therefore, the security of the existing authentication method for user login in Web application needs to be improved.
Disclosure of Invention
In view of this, the invention provides a method and a device for verifying user login in a Web application, which improve the security of user login information.
In order to achieve the purpose, the invention provides the following technical scheme:
a user login verification method in Web application comprises the following steps:
when a session request of a user sent by a client is received, judging whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in a server;
if so, the authentication is successful, the user is allowed to log in, and the authentication data of the user stored in the client and the authentication data of the user stored in the server are updated;
if not, the verification fails, and whether the verification number of the user stored in the client is consistent with the verification number of the user currently stored in the server is judged;
if not, returning information for requiring the user to input the password for verification to the client, wherein the verification number of the user stored in the client and the verification number of the user stored in the server are updated when the verification is successful according to the password input by the user and the user is allowed to log in.
Optionally, the method further comprises: judging whether the password input by the user provided by the client is correct or not;
if so, allowing the user to log in, and updating the authentication number and the authentication data of the user stored in the client, and the authentication number and the authentication data of the user stored in the server;
if not, the user is not allowed to log in.
Optionally, the method further comprises: and if the verification number of the user stored in the client is judged to be inconsistent with the verification number of the user currently stored in the server, returning information for prompting the user to modify the password to the client.
Optionally, the method further comprises: and updating the verification data and the verification number of the user stored in the server at the same time regularly.
Optionally, the authentication data and the authentication number of the user stored in the client are both encrypted, and the authentication data and the authentication number of the user stored in the server are both encrypted.
A user login authentication apparatus in a Web application, comprising:
the first judgment module is used for judging whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server or not when receiving a session request of the user sent by the client;
the login module is used for successfully verifying the user if the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server, allowing the user to login and updating the verification data of the user stored in the client and the verification data of the user stored in the server;
the second judgment module is used for judging whether the verification number of the user stored in the client side is consistent with the verification number of the user currently stored in the server side or not if the verification data of the user stored in the client side is inconsistent with the verification data of the user currently stored in the server side;
the first prompting module is used for returning information for requiring the user to input a password for verification to the client if the verification number of the user stored in the client is not consistent with the verification number of the user currently stored in the server, and the verification number of the user stored in the client and the verification number of the user stored in the server are updated when the verification is successful according to the password input by the user and the user is allowed to log in.
Optionally, the method further comprises:
the third judging module is used for judging whether the password input by the user and provided by the client is correct or not;
the login module is also used for allowing the user to log in if the password input by the user provided by the client is correct, updating the authentication number and the authentication data of the user stored in the client, and updating the authentication number and the authentication data of the user stored in the server; if not, the user is not allowed to log in.
Optionally, the method further comprises:
and the second prompting module is used for returning information for prompting the user to modify the password to the client if the verification number of the user stored in the client is judged to be inconsistent with the verification number of the user currently stored in the server.
Optionally, the method further comprises:
and the updating module is used for updating the verification data and the verification number of the user stored in the server at the same time regularly.
Optionally, the authentication data and the authentication number of the user stored in the client are both encrypted, and the authentication data and the authentication number of the user stored in the server are both encrypted.
According to the technical scheme, when a session request of a user sent by a client is received, whether the user is allowed to log in is verified according to the verification data of the user stored in the client; if the user verification data stored in the client side is consistent with the user verification data currently stored in the server side, allowing the user to log in; if the verification number is inconsistent with the user verification number stored in the client, the verification is failed, whether the user verification number stored in the client is consistent with the user verification number currently stored in the server is further judged, and if the user verification number is inconsistent with the user verification number stored in the server, information for requiring the user to input a password for verification is returned to the client.
The method and the device for verifying the user login in the Web application firstly verify the user through the verification data and the verification number stored in the client, do not need to input a password when the user accesses the Web application every time, and do not need to store the password of the user in the client, thereby ensuring the safety of the user login information.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a method for verifying user login in a Web application according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a client and a server in a Web application according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for authenticating a user login in a Web application according to another embodiment of the present invention;
fig. 4 is a schematic diagram of a user login authentication device in a Web application according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a user login authentication apparatus in a Web application according to another embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention, and it is obvious that the described embodiment is only a part of the embodiment of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a method for verifying user login in a Web application according to an embodiment of the present invention includes:
s10: when a session request of a user sent by a client is received, whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in a server is judged.
When a user accesses a certain Web page, a session request for accessing the page is sent to a server side through a client side.
In the method of this embodiment, please refer to fig. 2, the user name, the verification data, and the verification number of the user are stored in the client 100, and correspondingly, the user name, the verification data, and the verification number of the user are also stored in the server 101. The authentication data stored in the client 100 and the authentication data stored in the server 101 are updated each time the user initiates a session request, that is, the updated authentication data is valid only in one login session. The authentication number stored in the client 100 and the authentication number stored in the server 101 are updated when the user inputs a password and the authentication is successful according to the password input by the user and the user is allowed to log in.
In this step, when receiving the session request sent by the client 100, it is determined whether the authentication data of the user stored in the client 100 is consistent with the authentication data of the user currently stored in the server 101.
If yes, the process proceeds to step S11.
S11: and if the verification is successful, allowing the user to log in, and updating the verification data of the user stored in the client and the verification data of the user stored in the server.
The user is allowed to log in this time, and the user logs in successfully.
If not, the process proceeds to step S12.
S12: and if the verification fails, judging whether the verification number of the user stored in the client is consistent with the verification number of the user currently stored in the server.
If not, the process proceeds to step S13.
S13: and returning information for requiring the user to input a password for verification to the client.
The authentication number stored in the client 100 and the authentication number stored in the server 101 are updated when the user inputs a password, and the authentication is successful according to the password input by the user and the user is allowed to log in, and if the authentication number of the user stored in the client 100 is inconsistent with the authentication number of the user currently stored in the server 101, which indicates that the user may have an abnormal login using the password, the user is required to input the password again for authentication in this step.
It can be seen that, in the user login authentication method in the Web application of this embodiment, the user is authenticated by the authentication data and the authentication number stored in the client, the user does not need to input a password every time the user accesses the Web server, and the password of the user does not need to be stored in the client, so that the security of the user login information is ensured, and compared with the prior art, the security of the user login is improved.
Referring to fig. 3, a method for verifying user login in a Web application according to another embodiment of the present invention includes:
s20: when a session request of a user sent by a client is received, whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in a server is judged.
When a user accesses a certain Web page, a session request for accessing the page is sent to a server side through a client side.
In the method of this embodiment, please refer to fig. 2, the user name, the verification data, and the verification number of the user are stored in the client 100, and correspondingly, the user name, the verification data, and the verification number of the user are also stored in the server 101. The authentication data stored in the client 100 and the authentication data stored in the server 101 are updated each time the user initiates a session request, that is, the updated authentication data is valid only in one login session. The authentication number stored in the client 100 and the authentication number stored in the server 101 are updated when the user inputs a password and the authentication is successful according to the password input by the user and the user is allowed to log in.
When receiving a session request sent by the client 100, it is determined whether the authentication data of the user stored in the client 100 is consistent with the authentication data of the user currently stored in the server 101.
If yes, the process proceeds to step S21.
S21: and if the verification is successful, allowing the user to log in, and updating the verification data of the user stored in the client and the verification data of the user stored in the server.
The user authentication of the session is successful, and the user is allowed to log in.
If not, the process proceeds to step S22.
S22: and if the verification fails, judging whether the verification number of the user stored in the client is consistent with the verification number of the user currently stored in the server.
If the authentication data of the user stored in the client 100 is inconsistent with the authentication data of the user currently stored in the server 101, which indicates that the authentication data stored in the server 101 has been changed, it may be the login information of the user stored in the client, including the user name and the authentication data, used for logging in on other devices.
At this time, it is further determined whether the authentication number of the user stored in the client 100 is consistent with the authentication number of the user currently stored in the server 101.
If not, go to step S23; if yes, the process proceeds to step S24.
S23: and returning information for requiring the user to input a password for verification to the client.
The password is input by the user based on the authentication number stored in the client 100 and the authentication number stored in the server 101, and the authentication is successful according to the password input by the user and is updated when the user logs in, so that if the authentication number of the user stored in the client 100 is inconsistent with the authentication number of the user currently stored in the server 101, it indicates that the user account logs in again on other client devices by inputting the password. In this case, the user may log in again by inputting the password in another device, and the password of the user may be stolen, so that the user is required to input the password for verification in this step, and the user can determine whether to modify the password according to the actual situation.
S25: and judging whether the password input by the user provided by the client is correct or not.
When the user inputs a password through the client 100, it is verified whether the password input by the user is correct.
If yes, go to step S26; if not, the process proceeds to step S27.
S26: and allowing the user to log in, and updating the authentication number and the authentication data of the user stored in the client, and the authentication number and the authentication data of the user stored in the server.
The access verification is successful, and the user is allowed to log in.
S27: the user is not allowed to log in. The access user fails to verify.
S24: and returning information for prompting the user to modify the password to the client.
If the authentication data of the user stored in the client 100 is inconsistent with the authentication data of the user currently stored in the server 101, and the authentication number of the user stored in the client 100 is consistent with the authentication number of the user currently stored in the server 101, which indicates that the authentication data stored in the server 101 has been changed, and it may be that the authentication data stored in the client 100 is used for logging in on other client devices, and there may be a situation that the authentication data and the authentication number of the user on the client are stolen, information prompting the user to modify the password is returned to the client. Therefore, the method can prompt the user in time when the login is abnormal, prompt the user to modify the password in time, and improve the safety.
Further, in the method for authenticating a user login in a Web application described in each of the above embodiments, preferably, the authentication data and the authentication number of the user stored in the client are both encrypted, and the authentication data and the authentication number of the user stored in the server are both encrypted. The authentication data and the authentication number of the user stored in the client and the server are encrypted and stored, so that the security of the user login information is further improved. In specific implementation, optionally, the verification data and the verification number may be encrypted by using a Secure Hash Algorithm (SHA), specifically, SHA512, where SHA512 is a Hash Algorithm well suited for storing a password, so as to balance efficiency and security of the system. A hash is a refinement of information, typically much smaller in length than the information, and is a fixed length. The hash with strong encryption is irreversible, which means that any part of original information cannot be derived through the hash result, and the security of the user login information can be effectively improved.
Further, the method for verifying user login in the Web application described in the above embodiments further includes: and updating the verification data and the verification number of the user stored in the server at the same time regularly. In the method, the verification data and the verification number of the user stored in the server are updated at the same time regularly to prevent the login information of the user from being cracked. When a user logs in at a client side, the user verifies the login by using the password, and new verification data and a verification number are generated and stored in the client side.
Correspondingly, in the step S22, when it is determined that the authentication data of the user stored in the client is inconsistent with the authentication data of the user currently stored in the server and the authentication fails, or the server 101 may periodically update the stored login information (including the authentication data and the authentication number), the server also requests the user to input a password for re-authentication through a subsequent process, so as to update the authentication data and the authentication number in the client.
Correspondingly, referring to fig. 4, an embodiment of the present invention further provides a device for verifying user login in a Web application, including:
a first determining module 20, configured to determine, when a session request of a user sent by a client is received, whether authentication data of the user stored in the client is consistent with authentication data of the user currently stored in a server;
a login module 21, configured to, if the authentication data of the user stored in the client is consistent with the authentication data of the user currently stored in the server, allow the user to login, and update the authentication data of the user stored in the client and the authentication data of the user stored in the server;
a second determining module 22, configured to determine whether the user authentication number stored in the client is consistent with the user authentication number currently stored in the server if the user authentication data stored in the client is inconsistent with the user authentication data currently stored in the server;
the first prompting module 23 is configured to, if the authentication number of the user stored in the client is not consistent with the authentication number of the user currently stored in the server, return information that requires the user to input a password for authentication to the client, where the authentication number of the user stored in the client and the authentication number of the user stored in the server are updated when the authentication is successful according to the password input by the user and the user is allowed to log in.
It can be seen that, in the user login authentication apparatus in the Web application of this embodiment, when receiving a session request of a user sent by a client, first, a first determination module authenticates whether the user is allowed to log in according to authentication data of the user stored in the client; if the user verification data stored in the client side is consistent with the user verification data currently stored in the server side, the login module allows the user to login and updates the user verification data stored in the client side and the user verification data stored in the server side; if the verification is not consistent, the verification fails, the second judging module judges whether the verification number of the user stored in the client is consistent with the verification number of the user currently stored in the server, and if the verification number of the user stored in the client is inconsistent, the first prompting module returns information for requiring the user to input a password for verification to the client.
According to the user login authentication device in the Web application, firstly, the user is authenticated through the authentication data and the authentication number stored in the client, the password does not need to be input when the user accesses each time, the password of the user does not need to be stored in the client, the security of user login information is guaranteed, and compared with the prior art, the security of user login is improved.
Further, referring to fig. 5, in the apparatus for verifying user login in the Web application of the present embodiment, the apparatus further includes:
a third judging module 24, configured to judge whether the password input by the user provided by the client is correct;
the login module 21 is further configured to allow the user to log in if the password input by the user provided by the client is correct, and update the authentication number and the authentication data of the user stored in the client and the authentication number and the authentication data of the user stored in the server; if not, the user is not allowed to log in.
When the user inputs a password through the client 100, it is verified whether the password input by the user is correct. If the password is correct, the access verification is successful, the user is allowed to log in, and the verification number and the verification data of the user stored in the client are updated, and the verification number and the verification data of the user stored in the server are updated. If the password is wrong, the login of the current access user fails.
In the apparatus for verifying user login in the Web application of this embodiment, the method further includes:
and the second prompting module 25 is configured to return information prompting the user to modify the password to the client if it is determined that the authentication number of the user stored in the client is not consistent with the authentication number of the user currently stored in the server.
If the authentication data of the user stored in the client 100 is inconsistent with the authentication data of the user currently stored in the server 101, and the authentication number of the user stored in the client 100 is consistent with the authentication number of the user currently stored in the server 101, which indicates that the authentication data stored in the server 101 has been changed, it may be that the authentication data stored in the client 100 is used to log in on other client devices, and there may be login information of the user on the client, including the situation that the authentication data and the authentication number are stolen, then information prompting the user to modify the password is returned to the client. Therefore, the device can prompt the user in time when the login is abnormal, prompt the user to modify the password in time, and improve the safety.
Further preferably, the user login authentication apparatus in the Web application of this embodiment further includes: and the updating module is used for updating the verification data and the verification number of the user stored in the server at the same time regularly. The device periodically updates the verification data and the verification number of the user stored in the server at the same time so as to prevent the login information of the user from being cracked. When a user logs in at a client side, the user verifies the login by using the password, and new verification data and a verification number are generated and stored in the client side.
Further preferably, in the apparatus of this embodiment, the authentication data and the authentication number of the user stored in the client are both encrypted, and the authentication data and the authentication number of the user stored in the server are both encrypted. The authentication data and the authentication number of the user stored in the client and the server are encrypted and stored, so that the security of the user login information is further improved. In specific implementation, optionally, the verification data and the verification number may be encrypted by using a Secure Hash Algorithm (SHA), specifically, SHA512, where SHA512 is a Hash Algorithm well suited for storing a password, so as to balance efficiency and security of the system. A hash is a refinement of information, typically much smaller in length than the information, and is a fixed length. The hash with strong encryption is irreversible, which means that any part of original information cannot be derived through the hash result, and the security of the user login information can be effectively improved.
The method and the device for verifying user login in the Web application provided by the invention are described in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.
Claims (10)
1. A user login verification method in a Web application is characterized by comprising the following steps:
when a session request of a user sent by a client is received, judging whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in a server;
if so, the authentication is successful, the user is allowed to log in, and the authentication data of the user stored in the client and the authentication data of the user stored in the server are updated;
if not, the verification fails, and whether the verification number of the user stored in the client is consistent with the verification number of the user currently stored in the server is judged;
if not, returning information for requiring the user to input the password for verification to the client, wherein the verification number of the user stored in the client and the verification number of the user stored in the server are updated when the verification is successful according to the password input by the user and the user is allowed to log in; and if so, returning information for prompting the user to modify the password to the client.
2. The method of claim 1, further comprising: judging whether the password input by the user provided by the client is correct or not;
if so, allowing the user to log in, and updating the authentication number and the authentication data of the user stored in the client, and the authentication number and the authentication data of the user stored in the server;
if not, the user is not allowed to log in.
3. The method of claim 1, further comprising: and if the verification number of the user stored in the client is judged to be inconsistent with the verification number of the user currently stored in the server, returning information for prompting the user to modify the password to the client.
4. The method of claim 1, further comprising: and updating the verification data and the verification number of the user stored in the server at the same time regularly.
5. The method according to any one of claims 1 to 4, wherein the authentication data and the authentication number of the user stored in the client are encrypted, and the authentication data and the authentication number of the user stored in the server are encrypted.
6. A user login authentication apparatus for a Web application, comprising:
the first judgment module is used for judging whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server or not when receiving a session request of the user sent by the client;
the login module is used for successfully verifying the user if the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server, allowing the user to login and updating the verification data of the user stored in the client and the verification data of the user stored in the server;
the second judgment module is used for judging whether the verification number of the user stored in the client side is consistent with the verification number of the user currently stored in the server side or not if the verification data of the user stored in the client side is inconsistent with the verification data of the user currently stored in the server side;
the first prompting module is used for returning information for requiring the user to input a password for verification to the client if the verification number of the user stored in the client is inconsistent with the verification number of the user currently stored in the server, and the verification number of the user stored in the client and the verification number of the user stored in the server are updated when the verification is successful according to the password input by the user and the user is allowed to log in; and if the authentication number of the user stored in the client is consistent with the authentication number of the user currently stored in the server, returning information for prompting the user to modify the password to the client.
7. The apparatus for authenticating user login in a Web application according to claim 6, further comprising:
the third judging module is used for judging whether the password input by the user and provided by the client is correct or not;
the login module is also used for allowing the user to log in if the password input by the user provided by the client is correct, updating the authentication number and the authentication data of the user stored in the client, and updating the authentication number and the authentication data of the user stored in the server; if not, the user is not allowed to log in.
8. The apparatus for authenticating user login in a Web application according to claim 6, further comprising:
and the second prompting module is used for returning information for prompting the user to modify the password to the client if the verification number of the user stored in the client is judged to be inconsistent with the verification number of the user currently stored in the server.
9. The apparatus for authenticating user login in a Web application according to claim 6, further comprising:
and the updating module is used for updating the verification data and the verification number of the user stored in the server at the same time regularly.
10. The apparatus according to any one of claims 6 to 9, wherein the authentication data and the authentication number of the user stored in the client are encrypted, and the authentication data and the authentication number of the user stored in the server are encrypted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710765991.6A CN107483466B (en) | 2017-08-30 | 2017-08-30 | User login verification method and device in Web application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710765991.6A CN107483466B (en) | 2017-08-30 | 2017-08-30 | User login verification method and device in Web application |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107483466A CN107483466A (en) | 2017-12-15 |
CN107483466B true CN107483466B (en) | 2020-11-24 |
Family
ID=60603403
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710765991.6A Active CN107483466B (en) | 2017-08-30 | 2017-08-30 | User login verification method and device in Web application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107483466B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113221083B (en) * | 2021-06-02 | 2023-05-16 | 湖北央中巨石信息技术有限公司 | Block chain user session caching method capable of improving server performance |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102025748A (en) * | 2011-01-04 | 2011-04-20 | 深信服网络科技(深圳)有限公司 | Method, device and system for acquiring user name of Kerberos authentication mode |
CN104394141A (en) * | 2014-11-21 | 2015-03-04 | 南京邮电大学 | Unified authentication method based on distributed file system |
CN106357686A (en) * | 2016-10-26 | 2017-01-25 | 中企动力科技股份有限公司 | Single-point authentication method and single-point authentication system |
CN106933984A (en) * | 2017-02-20 | 2017-07-07 | 周长英 | The dispatching method and system of a kind of distributed file system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6993652B2 (en) * | 2001-10-05 | 2006-01-31 | General Instrument Corporation | Method and system for providing client privacy when requesting content from a public server |
CN105354482B (en) * | 2015-12-09 | 2018-05-01 | 浪潮(北京)电子信息产业有限公司 | A kind of single-point logging method and device |
-
2017
- 2017-08-30 CN CN201710765991.6A patent/CN107483466B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102025748A (en) * | 2011-01-04 | 2011-04-20 | 深信服网络科技(深圳)有限公司 | Method, device and system for acquiring user name of Kerberos authentication mode |
CN104394141A (en) * | 2014-11-21 | 2015-03-04 | 南京邮电大学 | Unified authentication method based on distributed file system |
CN106357686A (en) * | 2016-10-26 | 2017-01-25 | 中企动力科技股份有限公司 | Single-point authentication method and single-point authentication system |
CN106933984A (en) * | 2017-02-20 | 2017-07-07 | 周长英 | The dispatching method and system of a kind of distributed file system |
Non-Patent Citations (1)
Title |
---|
一种基于单点登录的开源课程群系统;陈云芳 等;《中国教育信息化》;20110610(第11期);第37-40页 * |
Also Published As
Publication number | Publication date |
---|---|
CN107483466A (en) | 2017-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9736131B2 (en) | Secure login for subscriber devices | |
US10225260B2 (en) | Enhanced authentication security | |
US10367797B2 (en) | Methods, systems, and media for authenticating users using multiple services | |
CN106612180B (en) | Method and device for realizing session identification synchronization | |
US10530763B2 (en) | Late binding authentication | |
CN106656952B (en) | Authentication method, device and system for login equipment | |
CN106375348B (en) | Portal authentication method and device | |
KR101451359B1 (en) | User account recovery | |
KR101516881B1 (en) | User authentication method and apparatus | |
CN106161348B (en) | Single sign-on method, system and terminal | |
EP2798772A1 (en) | Web authentication using client platform root of trust | |
CN112491881A (en) | Cross-platform single sign-on method, system, electronic equipment and storage medium | |
CN103716292A (en) | Cross-domain single-point login method and device thereof | |
JP4960738B2 (en) | Authentication system, authentication method, and authentication program | |
CN110868415B (en) | Remote identity verification method and device | |
US8832812B1 (en) | Methods and apparatus for authenticating a user multiple times during a session | |
CN112929388B (en) | Network identity cross-device application rapid authentication method and system, and user agent device | |
CN107483466B (en) | User login verification method and device in Web application | |
CN114500074B (en) | Single-point system security access method and device and related equipment | |
KR101637155B1 (en) | A system providing trusted identity management service using trust service device and its methods of operation | |
JP6343928B2 (en) | Portable terminal, authentication system, authentication method, and authentication program | |
CN112653676B (en) | Identity authentication method and equipment crossing authentication system | |
EP3036674B1 (en) | Proof of possession for web browser cookie based security tokens | |
CN112532423A (en) | Equipment access method, device and system | |
JP2014164672A (en) | Authentication device and authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20201104 Address after: 215100 No. 1 Guanpu Road, Guoxiang Street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province Applicant after: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd. Address before: 450018 Henan province Zheng Dong New District of Zhengzhou City Xinyi Road No. 278 16 floor room 1601 Applicant before: ZHENGZHOU YUNHAI INFORMATION TECHNOLOGY Co.,Ltd. |
|
TA01 | Transfer of patent application right | ||
GR01 | Patent grant | ||
GR01 | Patent grant |