CN108040065B - Login-free method and device after webpage skipping, computer equipment and storage medium - Google Patents
Login-free method and device after webpage skipping, computer equipment and storage medium Download PDFInfo
- Publication number
- CN108040065B CN108040065B CN201711407951.0A CN201711407951A CN108040065B CN 108040065 B CN108040065 B CN 108040065B CN 201711407951 A CN201711407951 A CN 201711407951A CN 108040065 B CN108040065 B CN 108040065B
- Authority
- CN
- China
- Prior art keywords
- webpage
- user identity
- jump
- identity code
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/148—Migration or transfer of sessions
Abstract
The invention relates to a login-free method and device after webpage skipping, computer equipment and a storage medium. The login-free method after webpage skipping comprises the following steps: receiving a webpage skipping request; the webpage skipping request is initiated by a server corresponding to the webpage before skipping; analyzing the webpage jump request to obtain a user identity ciphertext; decrypting the user identity ciphertext to obtain a user identity code; generating a session control object according to the user identity code; establishing connection with a user side matched with the webpage jump request; providing the skipped web pages to the user side through connection; the first-level domain name of the webpage after the jump is different from that of the webpage before the jump; receiving a user identity code to be verified sent by a user side; verifying the user identity code and the user identity code to be verified through the session control object; and when the verification is passed, logging in the webpage after the jump. The login-free method after webpage skipping realizes the login-free after webpage skipping by simulating the user side login, thereby improving the efficiency.
Description
Technical Field
The invention relates to the field of webpage login, in particular to a login-free method and device after webpage skipping, computer equipment and a computer readable storage medium.
Background
At present, many web pages only provide the lowest operation authority for a Tourist account (Tourist account), and the operation authority is further improved only after a user side logs in. A comprehensive website usually has many service items, and in order to distinguish the web pages of these service items, different secondary domain names under the same primary domain name are usually used for distinguishing. For example, the primary domain names of the two secondary domain names cfb. pingan.com and baoxian. pingan.com are both pingan.com. Therefore, after the user terminal successfully logs in, the cookie (identity recognition information file) is used for recording the user identity code to be verified of the user terminal, so that the user terminal can still be in a login state without logging in after webpage skipping of different domain names is realized.
However, the conventional technical scheme can only realize login-free operation on the web pages with the same first-level domain name, and cannot realize the login-free operation when the first-level domain names are different. For example, if the first-level domain name of the sale.pa 18.com is pa18.com, the login of the user side cannot be avoided after the user jumps from the sale.pingan.com to the sale.pa 18. com. Repeated webpage skipping requires the user side to perform login authentication in a conventional manner, which takes a lot of time and results in low efficiency.
Disclosure of Invention
In view of the foregoing, it is necessary to provide a method, an apparatus, a computer device and a computer-readable storage medium for log-in free after web page jump, which takes much time and causes low efficiency.
A login-free method after webpage skipping, the method comprising:
receiving a webpage skipping request; the webpage skipping request is initiated by a server corresponding to the webpage before skipping;
analyzing the webpage jump request to obtain a user identity ciphertext;
decrypting the user identity ciphertext to obtain a user identity code;
generating a session control object according to the user identity code;
establishing connection with the user side matched with the webpage jump request;
providing the webpage after the jump to the user side through the connection; the first-level domain name of the webpage after the jump is different from that of the webpage before the jump;
receiving a user identity code to be verified sent by the user side;
verifying the user identity code and the user identity code to be verified through the session control object;
and when the verification is passed, logging in the webpage after the jump.
In one embodiment, the decrypting the user identity cryptograph to obtain the user identity code includes:
decrypting the user identity ciphertext by using the first public key to obtain plaintext information;
and acquiring the user identity code according to the transmission parameters in the plaintext information.
In one embodiment, the method further comprises:
acquiring signature information and a timestamp according to the transmission parameters in the plaintext information;
verifying the signature information and the timestamp to obtain a verification result;
writing the verification result into a verification log;
and when the verification result shows that the verification is passed, executing the step of generating the session control object according to the user identity code.
In one embodiment, the verifying the signature information and the timestamp to obtain a verification result includes:
checking whether the timestamp appears in a check log; if not, then
Decrypting the signature information by using a second public key to obtain summary information;
encrypting the user identity code and the transmission parameter in the plaintext information by using a Hash algorithm to obtain a check ciphertext;
and when the abstract information is consistent with the check ciphertext, obtaining a check result indicating that the check is passed.
In one embodiment, after the connection is established between the user terminal matched with the webpage jump request, the method further includes:
acquiring a corresponding page file according to the webpage jump request;
and sending the acquired page file to the user side.
In one embodiment, the user side runs a page engine and a browser; the method further comprises the following steps:
sending the page file to the page engine;
and after the page engine analyzes the page file to obtain page elements, the page elements are sent to the browser by the page engine, so that the browser jumps from the webpage before the jump to the webpage pointed by the webpage jump request according to the page elements sent by the page engine.
In one embodiment, the server corresponding to the webpage before the jump synchronizes data with the server corresponding to the webpage after the jump in timing.
A login-free device after webpage jump, the device comprising:
the receiving module is used for receiving a webpage skipping request; the webpage skipping request is initiated by a server corresponding to the webpage before skipping;
the analysis module is used for analyzing the webpage jump request to obtain a user identity ciphertext;
the decryption module is used for decrypting the user identity ciphertext to obtain a user identity code;
the object generation module is used for generating a session control object according to the user identity code;
the connection establishing module is used for establishing connection with the user side matched with the webpage skipping request;
the webpage providing module is used for providing the webpage after the webpage skips to the user side through the connection; the first-level domain name of the webpage after the jump is different from that of the webpage before the jump;
the receiving module is also used for receiving the user identity code to be verified sent by the user side;
the identity code checking module is used for checking the user identity code and the user identity code to be verified through the session control object; and when the verification is passed, logging in the webpage after the jump.
A computer-readable storage medium, storing a computer program which, when executed by a processor, causes the processor to perform the steps of the method as claimed in any one of the above.
A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the method of any one of the above.
According to the login-free method, the device, the computer equipment and the computer readable storage medium after webpage skipping, after the webpage skipping request sent by the server of the skipped webpage is received, the webpage skipping request is analyzed, the user identity ciphertext is obtained, the user identity code can be obtained by decrypting the user identity ciphertext, so that a session control object can be generated according to the user identity code, and then the session control object can be used for verifying whether the user side logs in. After the user end matched with the webpage jump request is connected, the user identity code to be verified sent by the user end is received, and when the user identity code to be verified is verified to pass through the session control object, information indicating successful login is generated, so that login of the user end can be simulated, login-free after webpage jump is realized, and further efficiency is improved.
Drawings
FIG. 1 is a diagram of an embodiment of an application environment of a login-free method after web page jump;
FIG. 2 is a flowchart illustrating a login-free method after webpage jump in one embodiment;
fig. 3 is a diagram illustrating data transmission between a client and a server according to an embodiment;
FIG. 4 is a flowchart illustrating a login-free method after webpage jump in another embodiment;
FIG. 5 is a diagram illustrating an exemplary embodiment of a login-free device after a web page jump;
FIG. 6 is a schematic diagram illustrating a structure of a login-free device after a web page jump in another embodiment;
FIG. 7 is a diagram illustrating an exemplary embodiment of a login-free device after a web page jump;
FIG. 8 is a diagram illustrating a structure of a login-free device after a web page jump in another embodiment;
FIG. 9 is a diagram illustrating an exemplary embodiment of a login-free device after a web page jump;
FIG. 10 is a diagram showing an internal configuration of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
FIG. 1 is a diagram of an application environment of a login-free method after webpage jump in an embodiment. Referring to fig. 1, the login-free method after webpage skipping is applied to a login-free system after webpage skipping. The login-free system after webpage jump comprises a terminal 110, a server 120 and a server 130. The terminal 110, the server 120, and the server 130 are connected through a network. The terminal 110 may specifically be a desktop terminal or a mobile terminal, and the mobile terminal may specifically be at least one of a mobile phone, a tablet computer, a notebook computer, and the like. Server 120 and server 130 may be implemented as separate servers or as a server cluster of multiple servers. Specifically, the user side runs on the terminal 110, the server 120 is a server corresponding to the webpage before the jump, and the server 130 is a server corresponding to the webpage after the jump.
As shown in FIG. 2, in one embodiment, a login-free method after webpage jump is provided. The embodiment mainly illustrates that the method is applied to the server 130 in fig. 1. Referring to fig. 2, the login-free method after webpage jump specifically includes the following steps:
s202, receiving a webpage jump request; the webpage skipping request is initiated by a server corresponding to the webpage before skipping.
Wherein the webpage jump request is request information for requesting to jump to other webpages. A web page jump is a transition from a current web page to another web page. The webpage before jumping is the current webpage. Specifically, referring to fig. 1, the server 130 receives a webpage jump request initiated by the server 120, and the server 120 is a server corresponding to a webpage before jumping.
In one embodiment, the terminal 110 triggers a web page jump link on the current web page and sends a first web page jump request to the server 120. The server 120 parses the first webpage jump request, acquires a website of the webpage to be jumped to which the first webpage jump request points, generates a second webpage jump request according to the acquired website, and sends the second webpage jump request to the server 130 corresponding to the webpage to be jumped. The server 130 establishes a connection with the terminal 110 according to the second webpage jump request after receiving the second webpage jump request.
The terminal 110 may trigger the web page jump link on the current web page, specifically, trigger the web page jump link on the current web page through an input device, such as a mouse, a touch screen, or a keyboard, or trigger the web page jump link on the current web page at regular time through a timer on the terminal, or receive the web page jump link through a network interface.
In one embodiment, the terminal 110 triggers a web page jump link on the current web page and sends a first web page jump request to the server 120. The server 120 parses the first webpage jump request, acquires a webpage file corresponding to a webpage to be jumped according to the first webpage jump request, and directly feeds back the acquired webpage file to the terminal 110, so that the terminal 110 performs webpage jump after receiving the webpage file.
And S204, analyzing the webpage jump request to obtain a user identity ciphertext.
The user identity ciphertext is a ciphertext for recording the user identity. The user identity ciphertext is specifically attached behind the website in the webpage jump request, and the website in the webpage jump request is the website corresponding to the webpage to be jumped.
S206, the user identity cipher text is decrypted to obtain the user identity code.
The user identity code is a character string for identifying the identity of the user. The user ID is specifically an ID (identification, ID number) for identifying the user end identity in the session control object, and may be a session ID, and the session control object logs off the current user ID after the session is ended.
In one embodiment, after the server 120 establishes the connection, the server 130 obtains a user identity ciphertext from the webpage jump request sent by the server 120, and decrypts the user identity ciphertext to obtain the user identity code. After the server 130 obtains the user identity code, a request to maintain the session is fed back to the server 120 to keep the obtained user identity code valid.
And S208, generating a session control object according to the user identity code.
Wherein the session control object is an object that controls a session. The session is a state of interaction between the user side and the server, and the session may specifically be session. The session control object stores the attribute and configuration information needed by the user session, and is also used for maintaining the session state and logging off the session. And generating a session control object according to the user identity code, wherein the session control object which does not store information can be filled with the user identity code.
In one embodiment, the server 130 creates a virtual client and maintains interactions with the virtual client to generate the session control object. After generating the session control object, the server 130 writes the user identity code obtained from the user identity ciphertext into the session control object, and sends the user identity code to the virtual client, so as to maintain the current session with the virtual client.
And S210, establishing connection with the user side matched with the webpage jump request.
The user side is a computer program for displaying the web page. The user side is specifically operated on the terminal, and can be an independent browser, a computer program embedded with a browser plug-in and a file manager. The user side matched with the webpage jump request is specifically a user side which is connected with the server of the webpage before the jump and triggers the server of the webpage before the jump to send the webpage jump request. The connection is established with the user end matched with the webpage jump request, specifically, a TCP (Transmission Control Protocol) connection is established between the server of the webpage to be jumped and the user end matched with the webpage jump request.
In one embodiment, after the user terminal at the terminal 110 triggers a web page jump link at the web page, a first web page jump request is sent to the server 120 corresponding to the web page before the jump. The server 120 generates a second webpage jump request according to the first webpage jump request, and feeds back an IP (Internet Protocol) address corresponding to the server 130 to which the second webpage jump request points to the user side. After receiving the address corresponding to the server 130, the user terminal initiates a connection request to the server 130 to establish a connection with the server 130.
In one embodiment, after obtaining the IP address of the server 130, the user end on the terminal 110 generates a TCP packet, sets the flag SYN in the TCP packet to 1, randomly generates a value seq J, and sends the TCP packet to the server 130, and the user end enters a SYN _ send state and waits for an acknowledgement from the server 130. After receiving the TCP message, the server 130 knows that the user terminal requests to establish a connection by setting the flag bit SYN to 1, the server 130 sets both the flag bit SYN and ACK to 1, and sets ACK to J +1, randomly generates a value seq to K, and sends the TCP message to the user terminal to confirm the connection request, and the server 130 enters a SYN _ RCVD (connection accept) state. After receiving the acknowledgement, the user side checks whether ACK is J +1 or not, whether ACK is 1 or not, if correct, sets flag ACK to 1 and ACK is K +1, and sends the TCP packet to the server 130, the server 130 checks whether ACK is K +1 or not and whether ACK is 1 or not, if correct, the connection establishment is successful, the user side and the server 130 enter into an ESTABLISHED state, and then data transmission between the user side and the server 130 is started. Wherein, the message is a data packet, seq is a serial number, ACK is an acknowledgement serial number, SYN indicates that a new connection is initiated, and ACK indicates that the acknowledgement serial number is valid.
S212, providing the skipped web pages to the user side through connection; the first-level domain name of the webpage after the jump is different from that of the webpage before the jump.
Wherein, the primary domain name only contains one ". and the left of the". multidot.m. has a content field. Com is a first level domain name, for example.
In an embodiment, after the user end on the terminal 110 establishes a TCP connection with the server 130, the user end sends an HTTP (HyperText Transfer Protocol) request to the server 130, and when the server 130 detects that a webpage pointed by the HTTP request is consistent with a webpage pointed by the webpage jump request, the server 130 sends a corresponding HTML (HyperText Markup Language) response back to the user end. And after the user side receives the HTML response, jumping to the webpage corresponding to the HTML response from the current webpage.
S214, receiving the user identity code to be verified sent by the user side.
The user identity code to be verified is a character string for verifying the identity of the user side. The user identity code to be verified is specifically stored in an information storage text local to the user side, and the information storage file can be specifically a cookie.
In one embodiment, the client on the terminal 110 continuously sends the HTTP request while receiving the HTML response sent by the server 130, and passes the user identity code to be authenticated, which is stored locally on the client, in the HTTP request.
S216, the user identity code and the user identity code to be verified are verified through the session control object.
The user identity code and the user identity code to be verified are verified through the session control object, and specifically, whether the user identity code in the session control object is consistent with the user identity code to be verified or not can be verified.
In one embodiment, the user terminal on the terminal 110 passes the user identity code to be authenticated, which is stored locally at the user terminal, in an HTTP request sent to the server 130. After receiving the user identity code to be verified, the server 130 verifies the user identity code to be verified according to the user identity code stored in the session control object. If the verification is passed, the HTML file is reselected, and the reselected HTML file is returned to the user side. And the user side skips from the current webpage according to the received HTML file, and the status of the skipped webpage is logged in.
In one embodiment, the client on the terminal 110 jumps from the current web page based on the HTML file returned by the server 130, and the status of the jumped web page is shown as not logged in. The user side continues to send HTTP requests and passes the user id code stored locally at the user side in the HTTP request. When the server 130 verifies that the user identity code sent by the user side passes, the HTML file is fed back to the user side again. And the user side skips again according to the fed back HTML file, and the state of the webpage after skips again is displayed as logged-in.
S218, when the verification is passed, logging in the jumped webpage.
In this embodiment, after receiving the webpage jump request sent by the server of the jump webpage, the webpage jump request is analyzed to obtain the user identity ciphertext, and the user identity ciphertext is decrypted to obtain the user identity code, so that the session control object can be generated according to the user identity code, and then the session control object can be used to verify whether the user side logs in. After the user end matched with the webpage jump request is connected, the user identity code to be verified sent by the user end is received, and when the user identity code to be verified is verified to pass through the session control object, information indicating successful login is generated, so that login of the user end can be simulated, login-free after webpage jump is realized, and further efficiency is improved.
In one embodiment, step S206 includes: decrypting the user identity ciphertext by using the first public key to obtain plaintext information; and acquiring the user identity code according to the transmission parameters in the plaintext information.
The first public key is a key for decrypting the user identity ciphertext. The first public key may specifically be a key of a symmetric Encryption Algorithm, such as AES (Advanced Encryption Standard), DES (Data Encryption Standard), TDEA (Triple Data Encryption Algorithm), and the like, or may be a key of an asymmetric Encryption Algorithm, such as RSA (Rivest, Shamir, Adleman), DSA (Digital Signature Algorithm), ECC (Elliptic curve Cryptography), and the like. Plaintext information is information that is not encrypted. The delivery parameter is a parameter for delivering the user identification code in plaintext information.
In one embodiment, the server 120 encrypts the user identity code and the delivery parameter using the first private key, adds the obtained user identity ciphertext to the webpage jump request, and sends the webpage jump request with the user identity ciphertext added to the webpage jump request to the server 130. After receiving the webpage jump request, the server 130 decrypts the user identity ciphertext in the webpage jump request according to the first public key forming the key pair with the first private key, obtains plaintext information, and obtains the user identity code according to the transmission parameter in the plaintext information.
In this embodiment, the plaintext information can be obtained only by decrypting the user identity ciphertext through the first public key, so that the security of the user identity code can be guaranteed. And the user identity code is obtained from the plaintext information through the transmission parameter, so that the accuracy of the user identity code can be ensured.
In one embodiment, the method further comprises: acquiring signature information and a timestamp according to transmission parameters in plaintext information; verifying the signature information and the timestamp to obtain a verification result; writing the check result into a check log; and when the verification result shows that the verification is passed, executing the step of generating the session control object according to the user identity code.
Wherein the signature information is a digital signature of the user identity code. The signature information is specifically used to verify the authenticity of the user identity code. The time stamp is information of the verification time. The time stamp is specifically used to verify the time at which the signature information was generated.
In one embodiment, the server 120 generates signature information according to the user identity code, generates a corresponding timestamp when generating the signature information, encrypts the signature information, the user identity code, the timestamp and the delivery parameter to generate a user identity ciphertext, adds the user identity ciphertext to the webpage jump request, and sends the webpage jump request to the server 130. After acquiring the plaintext information according to the webpage jump request, the server 130 acquires the signature information and the timestamp through the transmission parameters in the plaintext information. And when the verification result obtained by verifying the signature information and the timestamp indicates that the verification is passed, the server 130 generates a session control object according to the acquired user identity code.
In the embodiment, the user identity code in the webpage jump request is screened by checking the signature information and the timestamp in the plaintext information, so that the validity and the safety of the user identity code are improved.
In one embodiment, verifying the signature information and the timestamp to obtain a verification result includes: checking whether the timestamp appears in the check log; if not, decrypting the signature information by using the second public key to obtain summary information; encrypting the user identity code and the transmission parameter in the plaintext information by using a Hash algorithm to obtain a check ciphertext; and when the abstract information is consistent with the check ciphertext, obtaining a check result which shows that the check is passed.
Wherein the second public key is a key to decrypt the signature information. The encryption algorithm corresponding to the second public key may or may not be identical to the encryption algorithm corresponding to the first public key. The hash algorithm is an algorithm for performing encryption according to a hash function. The hash algorithm is specifically an irreversible encryption algorithm for encrypting the user identity code and the transfer parameter. The Hash Algorithm may specifically be MD5(Message Digest Algorithm 5, fifth edition), SHA1(Secure Hash Algorithm), HMAC (Hash-based Message Authentication Code), and the like.
In one embodiment, the server 120 encrypts the identity code and the transfer parameter by a hash algorithm to obtain the digest information. The digest information is encrypted by a second private key forming a key pair with the second public key to obtain signature information, and the signature information is added to the webpage jump request and sent to the server 130. The server 130 decrypts the received webpage jump request to obtain the signature information, and then decrypts the signature information according to the second public key to obtain the summary information. The server 130 encrypts the user identity code and the transfer parameter obtained by decrypting the received webpage jump request through a pre-stored hash algorithm to obtain a check ciphertext, and compares whether the check ciphertext is consistent with the summary information. And if the two are consistent, obtaining a verification result which represents that the verification is passed.
In the embodiment, the digest information is obtained by decrypting the signature information, the check ciphertext is obtained by encrypting the user identity code and the transmission parameter, and when the digest information is consistent with the check ciphertext, a check result indicating that the check is passed is obtained, so that the safety of the user identity code can be further improved.
In one embodiment, after step S210, the method further comprises: acquiring a corresponding page file according to the webpage jump request; and sending the acquired page file to the user side.
In one embodiment, the server 130 pre-acquires the corresponding page file according to the web page jump request before establishing the connection with the user terminal on the terminal 110. After establishing connection with the user side, the server 130 directly sends the pre-acquired page file to the user side.
In the embodiment, the corresponding page file is obtained according to the webpage jump request, so that the accurate page file can be sent to the user side.
In one embodiment, the user side runs a page engine and a browser; the method further comprises the following steps: sending the page file to a page engine; after the page engine analyzes the page file to obtain the page elements, the page elements are sent to the browser by the page engine, so that the browser jumps from the webpage before jumping to the webpage pointed by the webpage jumping request according to the page elements sent by the page engine.
Wherein the page engine is an engine that parses the pagefile. The page engine may be specifically an AJAX (Asynchronous Javascript And Extensible Markup Language, Asynchronous JAVA script Language, And standard universal Markup Language) engine. A browser is a computer program that displays pages.
As shown in fig. 3, in one embodiment, the server 310 establishes a connection with the client 300, and the user interface 302 on the client performs a forwarding operation with the page engine 304 before transmitting data with the server 310. If the page engine 304 detects that the data part requested to be transmitted by the user interface 302 is pre-stored locally at the user terminal 300, the corresponding data is called locally and fed back to the user interface 302, so that the user interface 302 jumps to the page according to the acquired data.
In this embodiment, the page engine analyzes the page file, and sends the page elements obtained by analyzing the page file to the browser, so that the browser can jump from the webpage before the jump to the webpage pointed by the webpage jump request according to the page elements, and the browser jump speed is increased.
In one embodiment, the server corresponding to the webpage before the jump synchronizes data with the server corresponding to the webpage after the jump in timing.
Specifically, after the data is synchronized, only the user side registered in the server corresponding to the webpage before the jump is used, and also the user side can log in the server corresponding to the webpage after the jump.
In this embodiment, by synchronizing data of the server corresponding to the webpage before the webpage skips and the server corresponding to the webpage after the webpage skips, the user can register in one of the servers and can log in the other server page, so that log-in free of the webpage after the webpage skips can be achieved.
FIG. 4 is a flowchart illustrating a login-free method after webpage jump according to an embodiment. The method specifically comprises the following steps:
s402, receiving a webpage jump request; the webpage skipping request is initiated by a server corresponding to the webpage before skipping.
S404, analyzing the webpage jump request to obtain the user identity ciphertext.
S406, the user identity ciphertext is decrypted by using the first public key to obtain plaintext information.
S408, acquiring the user identity code, the signature information and the time stamp according to the transmission parameters in the plaintext information.
And S410, checking whether the timestamp appears in the check log.
If yes, go to step S412. If not, go to step S414.
And S412, generating and feeding back alarm information.
And S414, decrypting the signature information by using the second public key to obtain the summary information.
And S416, encrypting the user identity code and the transmission parameters in the plaintext information by using a Hash algorithm to obtain a check ciphertext.
And S418, when the abstract information is consistent with the verification ciphertext, obtaining a verification result which shows that the verification is passed.
If the digest information and the check ciphertext are not consistent, the step S412 is executed.
And S420, writing the verification result into a verification log.
S422, generating a conversation control object according to the user identity code.
And S424, establishing connection with the user side matched with the webpage jump request.
S426, acquiring a corresponding page file according to the webpage jump request.
S428, providing the skipped web page to the user terminal through connection; the first-level domain name of the webpage after the jump is different from that of the webpage before the jump.
S430, receiving the user identity code to be verified sent by the user side.
S432, the user identity code and the user identity code to be verified are verified through the session control object.
And S434, logging in the skipped webpage when the verification is passed.
According to the login-free method after webpage skipping, after the webpage skipping request sent by the server of the webpage skipping is received, the webpage skipping request is analyzed to obtain the user identity ciphertext, the user identity ciphertext is decrypted, the user identity code can be obtained, the session control object can be generated according to the user identity code, and then the session control object can be used for verifying whether the user side logs in or not. After the user end matched with the webpage jump request is connected, the user identity code to be verified sent by the user end is received, and when the user identity code to be verified is verified to pass through the session control object, information indicating successful login is generated, so that login of the user end can be simulated, login-free after webpage jump is realized, and further efficiency is improved.
It should be understood that, although the steps in the flowchart of fig. 4 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 4 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
Fig. 5 is a schematic structural diagram of a login-free device 500 after web page jump, which includes: a receiving module 502, a parsing module 504, a decryption module 506, an object generation module 508, a connection establishment module 510, a web page providing module 512, and an identity code checking module 514.
A receiving module 502, configured to receive a webpage jump request; the webpage skipping request is initiated by a server corresponding to the webpage before skipping.
And the analysis module 504 is configured to analyze the webpage jump request to obtain a user identity ciphertext.
And the decryption module 506 is configured to decrypt the user identity ciphertext to obtain the user identity code.
And an object generating module 508, configured to generate a session control object according to the user identity code.
And a connection establishing module 510, configured to establish a connection with the user side matched with the webpage jump request.
A web page providing module 512, configured to provide the skipped web page to the user side through connection; the first-level domain name of the webpage after the jump is different from that of the webpage before the jump.
The receiving module 502 is further configured to receive a user identity code to be verified, which is sent by a user side.
An identity code checking module 514, configured to check the user identity code and the user identity code to be verified through the session control object; and when the verification is passed, logging in the webpage after the jump.
The login-free device 500 after webpage skipping obtains the user identity ciphertext by analyzing the webpage skipping request after receiving the webpage skipping request sent by the server of the webpage skipping, and obtains the user identity code by decrypting the user identity ciphertext, so that a session control object can be generated according to the user identity code, and then the session control object can be used for verifying whether the user side logs in. After the user end matched with the webpage jump request is connected, the user identity code to be verified sent by the user end is received, and when the user identity code to be verified is verified to pass through the session control object, information indicating successful login is generated, so that login of the user end can be simulated, login-free after webpage jump is realized, and further efficiency is improved.
In an embodiment, the decryption module 506 is further configured to decrypt the user identity ciphertext using the first public key to obtain plaintext information; as shown in fig. 6, the login-free device 500 after the web page jump further includes: and a parameter transmitting and analyzing module 516, configured to obtain the user identity code according to the transmission parameter in the plaintext information.
In an embodiment, the parameter parsing module 516 is further configured to obtain signature information and a timestamp according to a transmission parameter in the plaintext information; as shown in fig. 7, the login-free device 500 after web page jumping further includes: a checking module 518, configured to check the signature information and the timestamp to obtain a checking result; a log writing module 520, configured to write the verification result into the verification log; the object generating module 508 is further configured to execute the step of generating the session control object according to the user identity code when the verification result indicates that the verification is passed.
In an embodiment, the checking module 518 is further configured to check whether the timestamp appears in the check log; the decryption module 506 is further configured to decrypt the signature information using the second public key to obtain the digest information when the timestamp obtained through the verification does not appear in the verification log; as shown in fig. 8, the login-free device 500 after the web page jump further includes: the encryption module 522 is configured to encrypt the user identity code and the transmission parameter in the plaintext information by using a hash algorithm to obtain a check ciphertext; the check module 518 is further configured to obtain a check result indicating that the check is passed when the digest information and the check ciphertext are consistent.
As shown in fig. 9, in an embodiment, the login-free device 500 after web page jump further includes: a page file obtaining module 524, configured to obtain a corresponding page file according to the webpage jump request; the web page providing module 512 is further configured to send the obtained page file to the user side.
In one embodiment, the user side runs a page engine and a browser; the web page providing module 512 is further configured to send a page file to a page engine; after the page engine analyzes the page file to obtain the page elements, the page elements are sent to the browser by the page engine, so that the browser jumps from the webpage before jumping to the webpage pointed by the webpage jumping request according to the page elements sent by the page engine.
In one embodiment, the server corresponding to the webpage before the jump synchronizes data with the server corresponding to the webpage after the jump in timing.
A computer-readable storage medium, storing a computer program which, when executed by a processor, causes the processor to perform the steps of the method of: receiving a webpage skipping request; the webpage skipping request is initiated by a server corresponding to the webpage before skipping; analyzing the webpage jump request to obtain a user identity ciphertext; decrypting the user identity ciphertext to obtain a user identity code; generating a session control object according to the user identity code; establishing connection with a user side matched with the webpage jump request; providing the skipped web pages to the user side through connection; the first-level domain name of the webpage after the jump is different from that of the webpage before the jump; receiving a user identity code to be verified sent by a user side; verifying the user identity code and the user identity code to be verified through the session control object; and when the verification is passed, logging in the webpage after the jump.
According to the computer-readable storage medium, after the webpage skipping request sent by the webpage skipping server is received, the webpage skipping request is analyzed to obtain the user identity ciphertext, the user identity ciphertext is decrypted to obtain the user identity code, so that the session control object can be generated according to the user identity code, and the session control object can be used for verifying whether the user side logs in or not. After the user end matched with the webpage jump request is connected, the user identity code to be verified sent by the user end is received, and when the user identity code to be verified is verified to pass through the session control object, information indicating successful login is generated, so that login of the user end can be simulated, login-free after webpage jump is realized, and further efficiency is improved.
In one embodiment, the processor performs the step of decrypting the user identity cryptogram to obtain the user identity code, including the steps of: decrypting the user identity ciphertext by using the first public key to obtain plaintext information; and acquiring the user identity code according to the transmission parameters in the plaintext information.
In one embodiment, the computer program, when executed by the processor, further causes the processor to perform the steps of the method of: acquiring signature information and a timestamp according to transmission parameters in plaintext information; verifying the signature information and the timestamp to obtain a verification result; writing the check result into a check log; and when the verification result shows that the verification is passed, executing the step of generating the session control object according to the user identity code.
In one embodiment, the processor performs the step of verifying the signature information and the timestamp to obtain a verification result, including the steps of: checking whether the timestamp appears in the check log; if not, decrypting the signature information by using the second public key to obtain summary information; encrypting the user identity code and the transmission parameter in the plaintext information by using a Hash algorithm to obtain a check ciphertext; and when the abstract information is consistent with the check ciphertext, obtaining a check result which shows that the check is passed.
In one embodiment, after the processor performs the step of establishing the connection with the user terminal matched with the webpage jump request, the processor further performs the following method steps: acquiring a corresponding page file according to the webpage jump request; and sending the acquired page file to the user side.
In one embodiment, the user side runs a page engine and a browser; the computer program, when executed by the processor, further causes the processor to perform the steps of the method of: sending the page file to a page engine; after the page engine analyzes the page file to obtain the page elements, the page elements are sent to the browser by the page engine, so that the browser jumps from the webpage before jumping to the webpage pointed by the webpage jumping request according to the page elements sent by the page engine.
In one embodiment, the server corresponding to the webpage before the jump synchronizes data with the server corresponding to the webpage after the jump in timing.
In one embodiment, a computer device is provided, which may be a server or a mobile terminal. When the computer device is a server, its internal structure diagram may be as shown in fig. 10. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a login-free method after web page jump.
Those skilled in the art will appreciate that the architecture shown in fig. 10 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, the log-on-free device after webpage jump provided by the present application can be implemented in the form of a computer program, and the computer program can be run on a computer device as shown in fig. 10. The memory of the computer device may store various program modules constituting the login-free apparatus after the web page is skipped, such as the receiving module 502, the parsing module 504, the decrypting module 506, the object generating module 508, the connection establishing module 510, the web page providing module 512, and the identity code checking module 514 shown in fig. 5. The computer program formed by the program modules enables the processor to execute the steps of the login-free method after webpage jump of the embodiments of the application described in the specification.
A computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of the method of: receiving a webpage skipping request; the webpage skipping request is initiated by a server corresponding to the webpage before skipping; analyzing the webpage jump request to obtain a user identity ciphertext; decrypting the user identity ciphertext to obtain a user identity code; generating a session control object according to the user identity code; establishing connection with a user side matched with the webpage jump request; providing the skipped web pages to the user side through connection; the first-level domain name of the webpage after the jump is different from that of the webpage before the jump; receiving a user identity code to be verified sent by a user side; verifying the user identity code and the user identity code to be verified through the session control object; and when the verification is passed, logging in the webpage after the jump.
According to the computer equipment, after the webpage jump request sent by the server of the jump webpage is received, the webpage jump request is analyzed to obtain the user identity ciphertext, the user identity ciphertext is decrypted to obtain the user identity code, so that the session control object can be generated according to the user identity code, and the session control object can be used for verifying whether the user side logs in or not. After the user end matched with the webpage jump request is connected, the user identity code to be verified sent by the user end is received, and when the user identity code to be verified is verified to pass through the session control object, information indicating successful login is generated, so that login of the user end can be simulated, login-free after webpage jump is realized, and further efficiency is improved.
In one embodiment, the processor performs the step of decrypting the user identity cryptogram to obtain the user identity code, including the steps of: decrypting the user identity ciphertext by using the first public key to obtain plaintext information; and acquiring the user identity code according to the transmission parameters in the plaintext information.
In one embodiment, the computer program, when executed by the processor, further causes the processor to perform the steps of the method of: acquiring signature information and a timestamp according to transmission parameters in plaintext information; verifying the signature information and the timestamp to obtain a verification result; writing the check result into a check log; and when the verification result shows that the verification is passed, executing the step of generating the session control object according to the user identity code.
In one embodiment, the processor performs the step of verifying the signature information and the timestamp to obtain a verification result, including the steps of: checking whether the timestamp appears in the check log; if not, decrypting the signature information by using the second public key to obtain summary information; encrypting the user identity code and the transmission parameter in the plaintext information by using a Hash algorithm to obtain a check ciphertext; and when the abstract information is consistent with the check ciphertext, obtaining a check result which shows that the check is passed.
In one embodiment, after the processor performs the step of establishing the connection with the user terminal matched with the webpage jump request, the processor further performs the following method steps: acquiring a corresponding page file according to the webpage jump request; and sending the acquired page file to the user side.
In one embodiment, the user side runs a page engine and a browser; the computer program, when executed by the processor, further causes the processor to perform the steps of the method of: sending the page file to a page engine; after the page engine analyzes the page file to obtain the page elements, the page elements are sent to the browser by the page engine, so that the browser jumps from the webpage before jumping to the webpage pointed by the webpage jumping request according to the page elements sent by the page engine.
In one embodiment, the server corresponding to the webpage before the jump synchronizes data with the server corresponding to the webpage after the jump in timing.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. Any reference to memory, databases, or other media used in the embodiments provided herein may include non-volatile memory.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A login-free method after webpage skipping, the method comprising:
receiving a webpage skipping request; the webpage skipping request is initiated by a server corresponding to the webpage before skipping;
analyzing the webpage jump request to obtain a user identity ciphertext;
decrypting the user identity ciphertext to obtain a user identity code;
generating a session control object according to the user identity code;
establishing connection with the user side matched with the webpage jump request;
providing the webpage after the jump to the user side through the connection; the first-level domain name of the webpage after the jump is different from that of the webpage before the jump;
receiving a user identity code to be verified sent by the user side;
verifying the user identity code and the user identity code to be verified through the session control object;
when the verification is passed, logging in the webpage after the jump;
the generating of the session control object according to the user identity code comprises:
and filling the user identity code into the session control object which does not store the information.
2. The method of claim 1, wherein decrypting the user identity cryptogram to obtain a user identity code comprises:
decrypting the user identity ciphertext by using the first public key to obtain plaintext information;
and acquiring the user identity code according to the transmission parameters in the plaintext information.
3. The method of claim 2, further comprising:
acquiring signature information and a timestamp according to the transmission parameters in the plaintext information;
verifying the signature information and the timestamp to obtain a verification result;
writing the verification result into a verification log;
and when the verification result shows that the verification is passed, executing the step of generating the session control object according to the user identity code.
4. The method of claim 3, wherein the verifying the signature information and the timestamp to obtain a verification result comprises:
checking whether the timestamp appears in a check log; if not, then
Decrypting the signature information by using a second public key to obtain summary information;
encrypting the user identity code and the transmission parameter in the plaintext information by using a Hash algorithm to obtain a check ciphertext;
and when the abstract information is consistent with the check ciphertext, obtaining a check result indicating that the check is passed.
5. The method of claim 1, wherein after the connection is established between the user terminal matched with the webpage jump request, the method further comprises:
acquiring a corresponding page file according to the webpage jump request;
and sending the acquired page file to the user side.
6. The method of claim 5, wherein the user side has a page engine and a browser running thereon; the method further comprises the following steps:
sending the page file to the page engine;
and after the page engine analyzes the page file to obtain page elements, the page elements are sent to the browser by the page engine, so that the browser jumps from the webpage before the jump to the webpage pointed by the webpage jump request according to the page elements sent by the page engine.
7. The method according to any one of claims 1 to 6, wherein the server corresponding to the web page before the jump synchronizes data with the server corresponding to the web page after the jump in timing.
8. A login-free device after webpage jump is characterized in that the device comprises:
the receiving module is used for receiving a webpage skipping request; the webpage skipping request is initiated by a server corresponding to the webpage before skipping;
the analysis module is used for analyzing the webpage jump request to obtain a user identity ciphertext;
the decryption module is used for decrypting the user identity ciphertext to obtain a user identity code;
the object generation module is used for generating a session control object according to the user identity code;
the connection establishing module is used for establishing connection with the user side matched with the webpage skipping request;
the webpage providing module is used for providing the webpage after the webpage skips to the user side through the connection; the first-level domain name of the webpage after the jump is different from that of the webpage before the jump;
the receiving module is further configured to receive a user identity code to be verified, which is sent by the user side;
the identity code checking module is used for checking the user identity code and the user identity code to be verified through the session control object; when the verification is passed, logging in the webpage after the jump;
the object generation module is also used for filling the user identity code into the session control object which does not store information.
9. A computer-readable storage medium, storing a computer program which, when executed by a processor, causes the processor to carry out the steps of the method according to any one of claims 1 to 7.
10. A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711407951.0A CN108040065B (en) | 2017-12-22 | 2017-12-22 | Login-free method and device after webpage skipping, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711407951.0A CN108040065B (en) | 2017-12-22 | 2017-12-22 | Login-free method and device after webpage skipping, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108040065A CN108040065A (en) | 2018-05-15 |
| CN108040065B true CN108040065B (en) | 2021-02-19 |
Family
ID=62100816
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711407951.0A Active CN108040065B (en) | 2017-12-22 | 2017-12-22 | Login-free method and device after webpage skipping, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108040065B (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110347457A (en) * | 2019-05-31 | 2019-10-18 | 深圳壹账通智能科技有限公司 | Method for page jump, device, storage medium and computer equipment |
| CN111046314A (en) * | 2019-11-29 | 2020-04-21 | 贝壳技术有限公司 | Report form viewing method and device, electronic equipment and storage medium |
| CN111181977B (en) * | 2019-12-31 | 2021-06-04 | 瑞庭网络技术(上海)有限公司 | Login method, device, electronic equipment and medium |
| CN111683146B (en) * | 2020-06-08 | 2022-11-11 | 北京明略昭辉科技有限公司 | Method and device for processing jump instruction and electronic equipment |
| CN112003847B (en) * | 2020-08-14 | 2023-07-18 | 苏州浪潮智能科技有限公司 | Front-end authority access method and device |
| CN111931088B (en) * | 2020-10-13 | 2021-01-26 | 北京拓课网络科技有限公司 | Webpage link processing method and device and electronic equipment |
| CN112583602B (en) * | 2020-12-08 | 2022-10-28 | 数字广东网络建设有限公司 | Information code data transmission method, device, system, computer device and medium |
| CN113434234B (en) * | 2021-06-29 | 2023-06-09 | 青岛海尔科技有限公司 | Page jump method, device, computer readable storage medium and processor |
| CN115706670A (en) * | 2021-08-10 | 2023-02-17 | 中国联合网络通信集团有限公司 | Identity verification method and equipment |
| CN114285815A (en) * | 2021-12-21 | 2022-04-05 | 中国农业银行股份有限公司 | Application skipping method and application skipping device |
| CN115037545A (en) * | 2022-06-14 | 2022-09-09 | 江苏银承网络科技股份有限公司 | Method, device and storage medium for login of website without secret authorization |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104683361A (en) * | 2015-03-30 | 2015-06-03 | 郑州悉知信息技术有限公司 | Network session storage method, and network access method and device |
| CN105897746A (en) * | 2016-05-26 | 2016-08-24 | 深圳市金立通信设备有限公司 | Cross-website login method, terminal and website server |
| CN103634399B (en) * | 2013-11-29 | 2017-02-08 | 北京奇虎科技有限公司 | Method and device for realizing cross-domain data transmission |
| KR101735964B1 (en) * | 2015-12-17 | 2017-05-15 | 숭실대학교산학협력단 | Terminal device and Smart device using login website of the terminal device and Method for controlling the same |
| CN106790465A (en) * | 2016-12-09 | 2017-05-31 | 深圳市小满科技有限公司 | cross-domain access method and device |
| CN107040543A (en) * | 2017-04-26 | 2017-08-11 | 努比亚技术有限公司 | Single-point logging method, terminal and storage medium |
-
2017
- 2017-12-22 CN CN201711407951.0A patent/CN108040065B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103634399B (en) * | 2013-11-29 | 2017-02-08 | 北京奇虎科技有限公司 | Method and device for realizing cross-domain data transmission |
| CN104683361A (en) * | 2015-03-30 | 2015-06-03 | 郑州悉知信息技术有限公司 | Network session storage method, and network access method and device |
| KR101735964B1 (en) * | 2015-12-17 | 2017-05-15 | 숭실대학교산학협력단 | Terminal device and Smart device using login website of the terminal device and Method for controlling the same |
| CN105897746A (en) * | 2016-05-26 | 2016-08-24 | 深圳市金立通信设备有限公司 | Cross-website login method, terminal and website server |
| CN106790465A (en) * | 2016-12-09 | 2017-05-31 | 深圳市小满科技有限公司 | cross-domain access method and device |
| CN107040543A (en) * | 2017-04-26 | 2017-08-11 | 努比亚技术有限公司 | Single-point logging method, terminal and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108040065A (en) | 2018-05-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108040065B (en) | Login-free method and device after webpage skipping, computer equipment and storage medium | |
| JP7215684B2 (en) | Key exchange through a partially trusted third party | |
| US11089032B2 (en) | Signed envelope encryption | |
| CN109088889B (en) | SSL encryption and decryption method, system and computer readable storage medium | |
| US7890634B2 (en) | Scalable session management | |
| EP3869730A1 (en) | Confidential communication management | |
| CN101860540B (en) | Method and device for identifying legality of website service | |
| CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
| CN111884811B (en) | Block chain-based data evidence storing method and data evidence storing platform | |
| CN109040079A (en) | The establishment of live streaming chained address and verification method and related device | |
| CN110071937B (en) | Login method, system and storage medium based on block chain | |
| KR20210112359A (en) | Browser Cookie Security | |
| US20140237239A1 (en) | Techniques for validating cryptographic applications | |
| CN112836206A (en) | Login method, device, storage medium and computer equipment | |
| KR100956452B1 (en) | A method for protecting from phishing attack | |
| KR100890720B1 (en) | Method for Selectively Encrypting Web Contents and Computer-Readable Recording Medium Where Program Executing the Same Method | |
| CN109450643B (en) | Signature verification method realized on Android platform based on native service | |
| CN107086918B (en) | A kind of client validation method and server | |
| CN103297464A (en) | Program information obtaining method and device | |
| JP6688782B2 (en) | Network communication method and network communication system | |
| CN111565178B (en) | Service information issuing method, device, server, client and storage medium | |
| Gionta et al. | iHTTP: Efficient authentication of non-confidential HTTP traffic | |
| JP6364957B2 (en) | Information processing system, information processing method, and program | |
| CN114598464A (en) | Data updating method and controller | |
| CN113973508A (en) | Preventing data manipulation and protecting user privacy in telecommunications network measurements |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |