Summary of the invention
To solve the above problems, the invention discloses the methods for generating session id based on Nginx server, with nginx phase
The form of plug-in unit is answered, the session id for being not easy to be forged can be quickly generated.
In order to achieve the above object, the invention provides the following technical scheme:
A method of session id is generated based on nginx server, is included the following steps:
Step 1, cluster internal generate non repetitive sequence, and sequence includes: nginx example ID, timestamp, counter,
Nginx example ID has uniqueness;
Step 2 carries out operation using CRC32 algorithm to the sequence that step 1 generates, obtains a whole-number result, the knot
The node number of fruit and Redis do modular arithmetic, and obtained result is as Redis node ID;
Session id will be written validity period in step 3;
Step 4 splices sequence, Redis node ID, validity period, and carries out operation using Base64 algorithm and arrive session to obtain the final product
The numerical part of ID;
Step 5 splices the numerical part of session id, the User-Agent of client, client ip, server end password,
Then according to character ascending sort, operation finally is carried out using MD5 algorithm, operation result is check code;
Step 6, the identifying code that the session id numerical part and step 5 that splicing step 4 generates generate, obtains final
Session id.
As an improvement, further including session id method of calibration, comprise the following processes:
When receiving the request of client, the 128Bit check code at session id end is intercepted, then rest part is session id
Numerical part;The numerical part of session id is decoded using Base64 algorithm, decoded data are proceeded as follows:
Whether expired verify session id:
The 1st to the 40th is taken, the entry-into-force time is calculated;
The 69th is taken out to 76, calculates validity period;
If entry-into-force time+validity period < current time, session are expired;
Whether verification session id, which is forged, is distorted:
The numerical part of session id is spliced with client ip, client User-Agent, calculates MD5 code, and by result
It compares, judges whether identical with the check code in session id;If identical, indicate that session id is correct;If it is not the same, then indicating
Session id is to forge, or be tampered, mistake of dishing out;
Verify session id validity:
The 65th to 68 is intercepted, Redis node ID is obtained, according to Redis node ID, from corresponding Redis memory node
The session id is inquired, if inquiring data, illustrates that session id is effective, otherwise illustrates that the session id is invalid.
Further, counter current value is stored in shared drive, all Worker processes on separate unit Nginx server
Share the counter.
Compared with prior art, the invention has the advantages that and the utility model has the advantages that
The present invention realizes generation and the verifying function of session id on Nginx, reduces internal system network expense, subtracts
The pressure of few back end application server, reduces hardware consumption, improves throughput of system, realize the reasonable utilization of resource.
Specific embodiment
Technical solution provided by the invention is described in detail below with reference to specific embodiment, it should be understood that following specific
Embodiment is only illustrative of the invention and is not intended to limit the scope of the invention.In addition, step shown in the flowchart of the accompanying drawings
Suddenly it can execute in a computer system such as a set of computer executable instructions, although also, showing in flow charts
Logical order, but in some cases, it can be with the steps shown or described are performed in an order that is different from the one herein.
The generation method provided by the invention that session id is generated based on Nginx server is as shown in Figure 1 and Figure 2, specific to wrap
Include following steps:
Step 1, cluster internal non repetitive sequence generate scheme:
Sequence is made up of following element: nginx example ID, timestamp (Millisecond), counter.
Field name |
Length |
Timestamp |
40bit |
Nginx example ID |
4bit |
Counter |
20bit |
The wherein calculation of timestamp are as follows: -2016 zero second on the stroke of midnight on January 1, of current time.40bit storage
Data can be supported to the year two thousand fifty;
Nginx example ID length is 4bit, ID range: [0,15].It could support up 16 nginx;For each in cluster
Nginx server distributes a unique ID, uses the ID as a part of sequence.
Counter is combined in sequence, guarantees the uniqueness of sequence.Counter heights are 20bit, range: [0,1048575],
That is, every millisecond of at most 1,040,000 ID of production.When counter reaches the upper limit, 1 millisecond is waited.Then it resets, recalculates.Meter
Number device current value is stored in shared drive.All Worker processes can share the counter on separate unit Nginx server.
Step 2, it will words ID is put on more Redis clusters and the ID of Redis node is embedded in session id, in big data feelings
Under condition, the memory node ID being embedded in by extracting session id can directly inquire corresponding Redis database according to node ID,
The search efficiency of session id can be improved.
Operation is carried out using CRC32 algorithm by the sequence generated to step 1, a whole-number result, the knot can be obtained
The node number of fruit and Redis do modular arithmetic, and obtained result is Redis node ID.
Redis node ID format are as follows:
Field name |
Length |
Redis node ID |
4bit |
Session id will be written validity period in step 3, reduce server memory expense.
Validity period format are as follows:
Field name |
Length |
Value range |
Type |
2bit |
0- points;1- hours;2- days;The 3- month |
Value |
6bit |
0~64 |
Total 8bit.
The range that can be indicated are as follows:
1 to 64 point
1 to 64 hour
1 to 64 day
1 to 64 month
Such as:
Validity period |
Binary system |
Integer |
1 minute |
00000001 |
1 |
5 minutes |
00000101 |
5 |
1 hour |
01000001 |
65 |
8 hours |
01001000 |
72 |
1 day |
10000001 |
129 |
2 days |
10000010 |
130 |
7 days |
10000111 |
135 |
January |
11000001 |
193 |
Step 4 generates the numerical part of session id.
Splice sequence, Redis node ID, validity period, and carries out the number that session id is arrived in operation to obtain the final product using Base64 algorithm
Value part.Data are changed into base64 format by this step, can reduce session id length.
Step 5 generates identifying code.
Splice the numerical part of session id, the User-Agent of client, client ip, server end password, then presses
According to character ascending sort, operation finally is carried out using MD5 algorithm, operation result is check code.Meeting can be prevented using check code
Words ID is forged.
Step 6 is generated into session id.
Splice the session id numerical part that step 4 generates and the identifying code that step 5 generates to get final session is arrived
ID。
After session id generates, stores into the corresponding Redis database of mod_x, after storing successfully, return to client.
Step 7, verifying client are transmitted through the session id come.
When receiving the request of client, the 128Bit check code at session id end is intercepted, then rest part is session id
Numerical part.
Nginx is upper directly to do following verification to session id:
1. whether session id is expired
2. whether session id be tampered, forge.
Method of calibration:
The numerical part of session id is decoded using Base64 algorithm first, fetch bit operation below is all to decoded
Data are operated.
1. whether verify session id expired
The 1st to the 40th is taken, the entry-into-force time is calculated;The 69th is taken out to 76, calculates validity period.
If entry-into-force time+validity period < current time, session are expired.
2. whether verification session id be tampered, forge
The numerical part of session id is spliced with client ip, client User-Agent, calculates MD5 code, and by result
It compares, judges whether identical with the check code in session id.
If identical, correctly;If it is not the same, session id is to forge, or be tampered, mistake of dishing out.
3. verifying the validity of session id
The 65th to 68 is intercepted, Redis node ID is obtained, according to Redis node ID, from corresponding Redis memory node
The session id is inquired, if inquiring data, illustrates that session id is effective, otherwise the session id is invalid.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium
In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic
Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access
Memory, RAM) etc..
The technical means disclosed in the embodiments of the present invention is not limited only to technological means disclosed in above embodiment, further includes
Technical solution consisting of any combination of the above technical features.It should be pointed out that for those skilled in the art
For, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also considered as
Protection scope of the present invention.