CN110365680B - Batch logout method and device based on single sign-on - Google Patents

Publication number
CN110365680B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910641997.1A
Other languages
Chinese (zh)
Other versions
CN110365680A (en
Inventor
王志浩
彭宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Unicompay Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Unicompay Co Ltd
Application filed by China United Network Communications Group Co Ltd, Unicompay Co Ltd
Priority to CN201910641997.1A
Publication of CN110365680A
Application granted
Publication of CN110365680B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/12 Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16 Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/1607 Details of the supervisory signal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management

Abstract

The embodiment of the invention provides a batch logout method and device based on single sign-on. The method comprises the following steps: the server receives a logout message sent by a first client of the plurality of clients, where the logout message indicates that the client is logged out. The server sends logout requests to the plurality of clients respectively according to the logout message, where the logout requests instruct the clients to log out of the server. Each client receives the logout request sent by the server, deletes the local session between the client and the user side according to the logout request, and sends an ACK confirmation message to the server. The server receives the ACK confirmation message returned by a second client of the plurality of clients and confirms that the second client has logged out successfully. Because the client sends the ACK confirmation message to the server, the server can determine whether the client has logged out successfully, which avoids the problem that the server cannot determine the logout state of the client and improves the security of the system.

Description

Batch logout method and device based on single sign-on
Technical Field
The embodiment of the invention relates to computer technology, in particular to a batch logout method and device based on single sign-on.
Background
Single sign-off is the counterpart of single sign-on: single sign-on means that a user can access the user sides corresponding to all the mutually trusted service systems by performing a sign-on operation only once, and single sign-off correspondingly means that the user can log off all the user sides of the logged-on service systems by logging off only once.
In the prior art, single sign-off is generally implemented by polling: the user side corresponding to each subsystem in the mutually trusted service system is accessed in turn and a logout request is sent to every client, and each client then clears its local session according to the logout request, thereby logging the client out.
However, some clients may fail to log out, and the server cannot determine whether the client logs out successfully, so that the security of the system cannot be guaranteed.
Disclosure of Invention
The embodiment of the invention provides a batch logout method and device based on single sign-on, aiming at overcoming the defect that a server cannot determine whether a client logs out successfully.
In a first aspect, an embodiment of the present invention provides a batch logout method based on single sign-on, which is applied to a server, where multiple clients successfully log on the server through single sign-on; the method comprises the following steps:
the server receives a logout message sent by a first client in the plurality of clients, wherein the logout message is used for indicating that the client is logged out;
the server side sends logout requests to the plurality of clients respectively according to the logout messages, wherein the logout requests are used for indicating the clients to log out of the server side;
and if the server receives an ACK (acknowledgement) message returned by a second client in the plurality of clients, confirming that the second client logs out successfully.
In a possible design, if the server does not receive an ACK acknowledgment message returned by a third client in the plurality of clients, the method further includes:
the server side sends a logout request to the third client side again, and records the times of sending the logout request;
and if the server determines that the times exceed the preset times, determining that the third client fails to log out.
In one possible design, if the third client fails to log out, the method further includes:
and the server side sends a warning message to the third client side, wherein the warning message is used for indicating that the third client side fails to log out.
In a possible design, before the server sends the logout requests to the plurality of clients according to the logout message, the method further includes:
the server acquires a client linked list according to the token of the first client, wherein the client linked list stores a plurality of clients corresponding to the same token;
after the server confirms that the log-out of the second client is successful, the method further comprises:
and the server deletes the second client from the client linked list.
In one possible design, the sending, by the server, a logout request to each of the plurality of clients according to the logout message includes:
and the server side performs asynchronous traversal on the client side linked list according to the logout message and sends the logout request to the client sides in parallel through a plurality of threads.
In a second aspect, an embodiment of the present invention provides a batch logout method based on single sign-on, which is applied to a client, where the client and other clients successfully log on at the same server through single sign-on; the method comprises the following steps:
the client receives a logout request sent by the server;
the client deletes the local session between the client and the user side according to the logout request;
and the client sends an ACK message to the server.
In one possible design, before the client receives the logout request sent by the server, the method further includes:
and the client receives an exit request sent by the user side.
In a third aspect, an embodiment of the present invention provides a batch logout apparatus based on single sign-on, which is applied to a server, where multiple clients successfully log on the server through single sign-on; the device includes:
a receiving module, configured to receive, by the server, a logout message sent by a first client in the multiple clients, where the logout message is used to indicate that a client is logged out;
a sending module, configured to send, by the server, logout requests to the multiple clients respectively according to the logout message, where the logout requests are used to instruct the clients to log out of the server;
and the confirmation module is used for confirming that the second client logs out successfully if the server receives the ACK confirmation message returned by the second client in the plurality of clients.
In one possible design, the sending module is further configured to:
if the server side does not receive the ACK confirmation message returned by the third client side of the plurality of client sides, the server side sends a logout request to the third client side again, and the times of sending the logout request are recorded;
and if the server determines that the times exceed the preset times, determining that the third client fails to log out.
In one possible design, the sending module is further configured to:
and if the third client fails to log out, the server sends a warning message to the third client, wherein the warning message is used for indicating that the third client fails to log out.
In one possible design, further comprising: an acquisition module;
the obtaining module is configured to, before the server sends a logout request to the plurality of clients according to the logout message, obtain, by the server, a client linked list according to the token of the first client, where the plurality of clients corresponding to the same token are stored in the client linked list;
the confirmation module is further to:
and after the server side confirms that the second client side logs out successfully, the server side deletes the second client side from the client side linked list.
In one possible design, the sending module is specifically configured to:
and the server side performs asynchronous traversal on the client side linked list according to the logout message and sends the logout request to the client sides in parallel through a plurality of threads.
In a fourth aspect, an embodiment of the present invention provides a batch logout apparatus based on single sign-on, which is applied to a client, where the client and other clients successfully log on at the same server through single sign-on; the device includes:
the receiving module is used for the client to receive the logout request sent by the server;
the deleting module is used for deleting the local session between the client and the user side by the client according to the logout request;
and the sending module is used for sending an ACK (acknowledgement) message to the server by the client.
In one possible design, the receiving module is further configured to:
and before the client receives the logout request sent by the server, the client receives the logout request sent by the user side.
In a fifth aspect, an embodiment of the present invention provides a batch logout device based on single sign-on, including:
a memory for storing a program;
a processor for executing the program stored by the memory, the processor being adapted to perform the method as described above in the first aspect and any one of the various possible designs of the first aspect when the program is executed.
In a sixth aspect, an embodiment of the present invention provides a batch logout device based on single sign-on, including:
a memory for storing a program;
a processor for executing the program stored in the memory, the processor being configured to perform the method as described above in the second aspect and any one of the various possible designs of the second aspect when the program is executed.
In a seventh aspect, an embodiment of the present invention provides a computer-readable storage medium, which includes instructions that, when executed on a computer, cause the computer to perform the method as described in the first aspect and any one of various possible designs of the first aspect.
In an eighth aspect, embodiments of the present invention provide a computer-readable storage medium including instructions which, when executed on a computer, cause the computer to perform the method as described above in the second aspect and any one of various possible designs of the second aspect.
The embodiment of the invention provides a batch logout method and device based on single sign-on. The method comprises the following steps: the server receives a logout message sent by a first client of the plurality of clients, where the logout message indicates that the client is logged out. The server sends logout requests to the plurality of clients respectively according to the logout message, where the logout requests instruct the clients to log out of the server. Each client receives the logout request sent by the server, deletes the local session between the client and the user side according to the logout request, and sends an ACK confirmation message to the server. If the server receives the ACK confirmation message returned by a second client of the plurality of clients, it confirms that the second client has logged out successfully. Because the client sends the ACK confirmation message to the server, the server can determine whether the client has logged out successfully, which avoids the problem that the server cannot determine the logout state of the client and improves the security of the system.
Drawings
Fig. 1 is a system schematic diagram of a batch logout method based on single sign-on according to an embodiment of the present invention;
fig. 2 is a first flowchart of a batch logout method based on single sign-on according to an embodiment of the present invention;
fig. 3 is a second flowchart of a batch logout method based on single sign-on according to an embodiment of the present invention;
fig. 4 is a first schematic structural diagram of a batch logout apparatus based on single sign-on according to an embodiment of the present invention;
fig. 5 is a second schematic structural diagram of a batch logout apparatus based on single sign-on according to an embodiment of the present invention;
fig. 6 is a third schematic structural diagram of a batch logout apparatus based on single sign-on according to an embodiment of the present invention;
fig. 7 is a first hardware structure diagram of a batch logout device based on single sign-on according to an embodiment of the present invention;
fig. 8 is a second hardware structure diagram of a batch logout device based on single sign-on according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic system diagram of a batch logout method based on single sign-on according to an embodiment of the present invention, and as shown in fig. 1, the system includes: a plurality of clients 101 and a server 102.
The client 101 generally runs on a terminal device owned by a user, where the client 101 may be, for example, a browser, or may also be an application integrated with a single sign-on (sign-off) function, and the implementation manner of the client 101 is not limited in this embodiment as long as it can implement the single sign-off function, where the terminal device may be, for example, a computer device, a tablet computer, or a mobile phone (or referred to as a "cellular" phone), and the terminal device may also be a portable, pocket, hand-held, or computer-embedded mobile device or apparatus, as long as the terminal device can interact with the server, and this is not particularly limited here.
In this embodiment, the client 101 may run user sides, where a user side is a subsystem in a mutually trusted service system. For example, if the client 101 is a browser, the user sides may be websites such as Taobao, Tmall, and Alipay. When the client 101 logs in to Taobao with the user name and password entered by the user, every subsystem associated with Taobao is signed on through single sign-on, so when the user operates the Tmall user side, no further login is required.
The following introduces a specific implementation of single sign-on. An independent authentication center is arranged in the server 102, and only the authentication center accepts verification information such as the user name and password sent by the client 101. After the client 101 logs in successfully, the other corresponding subsystems no longer provide a login entry, and login to the server can be obtained only through indirect authorization from the authentication center.
Specifically, when user side 1 needs to access a protected resource on the server (taking Taobao as an example, the user can view shopping cart data and historical purchase records only after logging in), the client 101 sends an access request to the server. If the server 102 finds that the client 101 is not logged in, the server 102 directs the client 101 to jump to the authentication center, and the authentication center directs user side 1 to a login page. The client 101 then receives the user name and password that the user enters on the login page of user side 1 and submits them to the authentication center.
The authentication center verifies the user name and password. When the verification succeeds, a global session between user side 1 and the authentication center is created and user side 1 is logged in to the server. The server sends the resources that user side 1 needs to access to the client 101, and the client 101 then creates a local session with user side 1 and returns the required resources (such as shopping cart data and web page data) to user side 1.
When user side 2 needs to access a protected resource on the server, the same operation is performed: the server 102 directs the client 101 to jump to the authentication center, and the authentication center finds that user side 2 is already logged in (because of single sign-on). The server sends the resources that user side 2 needs to access to the client 101, and the client 101 then creates a local session with user side 2 and returns the required resources (such as shopping cart data and web page data) to user side 2.
In this embodiment, the number of the clients 101 logging in the server 102 is not limited, and those skilled in the art can understand that the specific number is determined according to the load of the server 102 and the service system, in this embodiment, the clients 101 and the server 102 may interact with each other, where the interaction manner may be, for example, a wired network, and the wired network may include, for example, a coaxial cable, a twisted pair, an optical fiber, and the like, and the interaction manner may also be, for example, a Wireless network, and the Wireless network may be, for example, a 2G network, a 3G network, a 4G network, or a 5G network, a Wireless Fidelity (WIFI) network, and the like. The embodiment of the present invention does not limit the specific type or specific form of the interaction, as long as the interaction function between the server and the terminal can be realized.
Further, in the prior art, when a single sign-off operation is performed, the user submits sign-off data to the client 101, and the client 101 sends a logout request to the authentication center according to that sign-off data. The authentication center first deletes the global session with the client 101 and at the same time sends a sign-off request to all clients 101 that are in a login state, and each client performs the sign-off operation according to the sign-off request from the authentication center.
However, the authentication center has no guarantee that the logout operation of each client is executed successfully. When abnormal conditions such as a network timeout occur, some clients fail to log out, so the effectiveness of single sign-off is difficult to guarantee.
Based on the above problem, the present invention provides a batch logout method based on single sign-on, which is described below with reference to specific embodiments, and first described with reference to fig. 2, where fig. 2 is a first flowchart of the batch logout method based on single sign-on provided by the embodiment of the present invention, and as shown in fig. 2, the method includes:
S201, the first client sends a logout message to the server.
S202, the server receives a logout message sent by a first client in the plurality of clients, where the logout message is used to indicate that the client is logged out.
Specifically, when the user side needs to leave the login state, the first client receives a logout request sent by the user side and logs the user side out according to that request. Because this logout is actively initiated, the logout at the first client can be guaranteed. Those skilled in the art will understand that the first client is the client corresponding to the user side that currently sends the logout request.
After receiving the logout request, the first client sends a logout message to the server, where the logout message indicates that the user side is logged out.
S203, the server sends logout requests to the plurality of clients respectively according to the logout message, where the logout requests instruct the clients to log out of the server.
After the server receives the logout message, it determines that the user side corresponding to the first client is logged out. To ensure a proper single sign-off, the clients corresponding to the other mutually trusted subsystems also need to perform the corresponding logout operation.
Specifically, the server sends a logout request to each of the plurality of clients to instruct each client to log out of the server.
S204, the client receives the logout request sent by the server.
S205, the client deletes the local session between the client and the user side according to the logout request.
The second client is taken as an example. The second client can be understood as any one of the clients that receives the logout request. The second client and the first client may be the same client: for example, both are browser 1, which is currently open and is logged in to both user side 1 (e.g., Taobao) and user side 2 (e.g., Tmall), so that the server actually interacts with the same client when it handles the logout operations of user side 1 and user side 2.
Alternatively, the second client and the first client may be different clients. For example, the user first opens the first client (the application program corresponding to user side 1) and accesses the server through single sign-on; the second client (the application program corresponding to user side 2) is a client mutually trusted with the first client, and the second client then also accesses the server through single sign-on.
Alternatively, the user may open browser 1 (the first client) to access user side 1 and open browser 1 again (the second client) to access user side 2. Although the first client and the second client are both browser 1, they were opened separately and interact with the server separately, so they may be regarded as different clients.
Those skilled in the art will understand that each user side corresponds to a respective client, and two user sides may correspond to the same client; this embodiment does not limit the first client and the second client.
Specifically, as explained in the above embodiment, a local session is established between the client and the user side when the user side logs in. When the user side needs to log out, the second client deletes the local session between the client and the user side, which ensures that the user side cannot access the protected resource in the logged-out state.
S206, the client sends an ACK message to the server.
S207, the server receives the ACK confirmation message returned by the second client of the plurality of clients and confirms that the second client has logged out successfully.
Once the second client has deleted the local session with the user side according to the logout request, the user side is guaranteed to be logged out. The second client then sends an ACK (acknowledgement character) confirmation message to the server, and the server confirms from that message that the second client has logged out successfully, which avoids the problem that the server cannot determine the logout status of the client.
The above embodiment uses the second client as an example; in practice every client in the single sign-on state performs the above operations, that is, the server receives the ACK confirmation messages sent by all clients to determine whether each client has logged out.
The batch logout method based on single sign-on provided by the embodiment of the invention comprises the following steps: the server receives a logout message sent by a first client of the plurality of clients, where the logout message indicates that the client is logged out. The server sends logout requests to the plurality of clients respectively according to the logout message, where the logout requests instruct the clients to log out of the server. Each client receives the logout request sent by the server, deletes the local session between the client and the user side according to the logout request, and sends an ACK confirmation message to the server. If the server receives the ACK confirmation message returned by a second client of the plurality of clients, it confirms that the second client has logged out successfully. Because the client sends the ACK confirmation message to the server, the server can determine whether the client has logged out successfully, which avoids the problem that the server cannot determine the logout state of the client and improves the security of the system.
On the basis of the foregoing embodiment, the following describes in detail a batch logout method based on single sign-on provided by the embodiment of the present invention with reference to fig. 3, where fig. 3 is a second flowchart of a batch logout method based on single sign-on provided by the embodiment of the present invention, and as shown in fig. 3, the method includes:
S301, the first client sends a logout message to the server.
S302, the server receives a logout message sent by a first client in the plurality of clients, wherein the logout message is used for indicating that the client is logged out.
The implementation manners of S301 and S302 are similar to those of S201 and S202, and are not described herein again.
S303, the server acquires a client linked list according to the token of the first client, and a plurality of clients corresponding to the same token are stored in the client linked list.
Specifically, during single sign-on, when the authentication center of the server successfully verifies the user name and password, it creates a global session between user side 1 and the authentication center and creates a token for the first client. The token indicates that the first client has login authority, and the first client uses the token to create a local session with user side 1 and returns the protected resource to user side 1.
Next, when the second client needs to access the protected resource, the authentication center finds that user side 2 is already logged in and sends the second client the same token as the first client's. The second client uses the token to create a local session with user side 2 and returns the protected resource to user side 2.
All clients holding the same token are the clients corresponding to the mutually trusted user sides in the single sign-on system. They form a client linked list, in which the plurality of clients corresponding to the same token are stored.
S304, the server performs asynchronous traversal of the client linked list according to the logout message.
S305, the server sends logout requests to the clients in parallel through a plurality of threads, where the logout requests instruct the clients to log out of the server.
The server receives a logout message sent by the first client, wherein the logout message comprises a token, and the server acquires a client linked list according to the token, performs asynchronous traversal on the client linked list and sends logout requests to the clients in parallel through a plurality of threads.
The asynchronous traversal and the parallel sending of the logout request can effectively improve the operation efficiency of single-point logout.
S306, the client receives the logout request sent by the server.
S307, the client deletes the local session between the client and the user side according to the logout request.
S308, the client sends an ACK message to the server.
S309, the server receives the ACK message returned by the second client in the plurality of clients, and confirms that the second client logs out successfully.
S310, the server deletes the second client from the client linked list.
If the server confirms that the second client has logged out successfully, it deletes the second client from the client linked list.
The batch logout method based on single sign-on provided by the embodiment of the invention comprises the following steps: the server receives a logout message sent by a first client of the plurality of clients, where the logout message indicates that the client is logged out. The server obtains a client linked list according to the token of the first client, where the client linked list stores the plurality of clients corresponding to the same token. The server performs asynchronous traversal of the client linked list according to the logout message and sends logout requests to the plurality of clients in parallel through a plurality of threads, where the logout requests instruct the clients to log out of the server. Each client receives the logout request sent by the server, deletes the local session between the client and the user side according to the logout request, and sends an ACK confirmation message to the server. If the server receives the ACK confirmation message returned by a second client of the plurality of clients, it confirms that the second client has logged out successfully and deletes the second client from the client linked list. Because the logout requests are sent to the plurality of clients in parallel while the client linked list is traversed asynchronously, the efficiency of sending logout requests to the clients is effectively improved and single sign-off is faster.
On the basis of the foregoing embodiment, in the batch logout method based on single sign-on provided by the present invention, if the server does not receive an ACK acknowledgment message returned by a third client among the plurality of clients, the method further includes:
the server sends the logout request to the third client again, and records the number of times the logout request has been sent;
and if the server determines that the number of times exceeds the preset number of times, the server determines that the third client has failed to log out.
Specifically, if the server does not receive the ACK acknowledgment message returned by the third client, the server cannot determine whether the third client has logged out successfully, so the server sends the logout request to the third client again.
In one optional implementation, the third client has in fact logged out successfully, and the server did not receive the ACK acknowledgment message only because the ACK message failed to be sent, was lost, or the like; in this case the third client sends the ACK acknowledgment message to the server again.
In another optional implementation, the third client did not log out successfully because of a network anomaly or the like; in this case the third client performs the logout operation again according to the logout request re-sent by the server, and sends an ACK acknowledgment message to the server once the logout succeeds.
Meanwhile, the server records the number of times the logout request has been sent. If that number exceeds a preset number of times and no ACK (acknowledgement character) message sent by the third client has been received, the server determines that the third client has failed to log out. The preset number of times can be set according to actual requirements.
According to the batch logout method based on single sign-on provided by this embodiment of the invention, when the ACK acknowledgment message returned by a client is not received, the logout request is sent to the client again to prompt it to perform single logout, which effectively improves the success rate of single logout. By recording the number of times the logout request has been sent and determining that the third client has failed to log out only when that number exceeds the preset number of times, misjudgment caused by a failure in message reception is avoided, and where a client's logout has failed, the repeated logout attempts within the preset number of times effectively improve the logout success rate.
On the basis of the foregoing embodiment, if the third client fails to log out, the method provided by the present invention further includes:
the server sends a warning message to the third client, where the warning message indicates that the third client has failed to log out.
The specific form of the warning message may be set according to actual requirements, as long as the third client receives an indication that the logout has failed.
The warning message is sent to the third client whose logout failed so that the third client can determine that it is in the logout-failure state and carry out subsequent processing.
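The fan-out, ACK, retry and warning steps described above can be simulated in memory as follows. This is an added example, not code from the patent: the class and function names, the value of MAX_ATTEMPTS and the constructed clients are assumptions. It shows that a client whose ACKs are lost must treat a re-sent logout request idempotently, and that entries left in the list are sessions the server could not confirm as terminated.

```python
import threading
from concurrent.futures import ThreadPoolExecutor

MAX_ATTEMPTS = 3  # the "preset number of times"; this value is an assumption


class SimClient:
    """Constructed stand-in for a client application behind the SSO server."""

    def __init__(self, name, drop_acks=0, unreachable=False):
        self.name = name
        self.session_active = True
        self.drop_acks = drop_acks      # ACKs lost in transit before one arrives
        self.unreachable = unreachable  # requests never reach this client
        self.requests_seen = 0
        self.warned = False

    def handle_logout(self, token):
        """Delete the local session; return True only if the ACK reaches the server."""
        if self.unreachable:
            return False
        self.requests_seen += 1
        self.session_active = False     # idempotent: a repeat request changes nothing
        if self.drop_acks > 0:
            self.drop_acks -= 1
            return False
        return True

    def handle_warning(self):
        if not self.unreachable:
            self.warned = True


class SsoServer:
    def __init__(self):
        self._lock = threading.Lock()
        self.clients_by_token = {}      # token -> client list (the "client linked list")

    def register(self, token, client):
        with self._lock:
            self.clients_by_token.setdefault(token, []).append(client)

    def _logout_one(self, token, client):
        # Send the logout request, re-send while no ACK arrives, count the sends.
        for attempt in range(1, MAX_ATTEMPTS + 1):
            if client.handle_logout(token):
                with self._lock:        # ACK received: remove from the list
                    self.clients_by_token[token].remove(client)
                return client.name, True, attempt
        client.handle_warning()         # preset count reached: logout failed
        return client.name, False, MAX_ATTEMPTS

    def batch_logout(self, token):
        """Run on receipt of a logout message; contacts all clients in parallel."""
        with self._lock:
            targets = list(self.clients_by_token.get(token, []))
        with ThreadPoolExecutor(max_workers=8) as pool:
            done = list(pool.map(lambda c: self._logout_one(token, c), targets))
        return {name: (ok, attempts) for name, ok, attempts in done}


def demo():
    server = SsoServer()
    token = "constructed-token-001"     # constructed sample value
    clients = [
        SimClient("app-a"),                    # ACKs on the first request
        SimClient("app-b", drop_acks=1),       # first ACK lost, second arrives
        SimClient("app-c", unreachable=True),  # never receives the request
        SimClient("app-d", drop_acks=99),      # logs out, but every ACK is lost
    ]
    for c in clients:
        server.register(token, c)
    results = server.batch_logout(token)
    remaining = [c.name for c in server.clients_by_token[token]]
    return results, remaining, clients


if __name__ == "__main__":
    results, remaining, _ = demo()
    print(results)
    print("unconfirmed:", remaining)
```

In this run app-d has already deleted its session yet is still reported as failed, while app-c keeps a live session; the server cannot tell the two apart, so both entries left in the list need follow-up.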
Fig. 4 is a first schematic structural diagram of a batch logout device based on single sign-on according to an embodiment of the present invention. As shown in fig. 4, the apparatus 40 includes: a receiving module 401, a sending module 402 and a confirmation module 403.
a receiving module 401, configured to receive, by the server, a logout message sent by a first client in the multiple clients, where the logout message is used to indicate that a user terminal is logged out;
a sending module 402, configured to send, by the server, a logout request to the multiple clients respectively according to the logout message, where the logout request is used to instruct each of the clients to log out of the server;
a confirmation module 403, configured to confirm that the second client logs out successfully if the server receives an ACK confirmation message returned by the second client in the multiple clients.
In one possible design, the sending module 402 is further configured to:
if the server side does not receive the ACK confirmation message returned by the third client side of the plurality of client sides, the server side sends a logout request to the third client side again, and the times of sending the logout request are recorded;
and if the server determines that the times exceed the preset times, determining that the third client fails to log out.
In one possible design, the sending module 402 is further configured to:
and if the third client fails to log out, the server sends a warning message to the third client, wherein the warning message is used for indicating that the third client fails to log out.
The apparatus provided in this embodiment may be used to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of a batch logout apparatus based on single sign-on according to an embodiment of the present invention. As shown in fig. 5, this embodiment further includes, on the basis of the embodiment in fig. 4: an acquisition module 504.
In a possible design, the obtaining module 504 is configured to, before the server sends a logout request to each of the plurality of clients according to the logout message, obtain, by the server, a client linked list according to the token of the first client, where the plurality of clients corresponding to the same token are stored in the client linked list;
the confirmation module 503 is further configured to:
and after the server side confirms that the second client side logs out successfully, the server side deletes the second client side from the client side linked list.
In one possible design, the sending module 502 is specifically configured to:
and the server side performs asynchronous traversal on the client side linked list according to the logout message and sends the logout request to the client sides in parallel through a plurality of threads.
The apparatus provided in this embodiment may be used to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.
Fig. 6 is a third schematic structural diagram of a batch logout device based on single sign-on according to an embodiment of the present invention. As shown in fig. 6, the apparatus 60 includes: a receiving module 601, a deleting module 602, and a sending module 603.
A receiving module 601, configured to receive, by the client, a logout request sent by the server;
a deleting module 602, configured to delete the local session between the client and the user according to the logout request;
a sending module 603, configured to send an ACK confirmation message to the server by the client.
In one possible design, the receiving module 601 is further configured to:
before the client receives the logout request sent by the server, the client receives the logout request sent by the user side.
The apparatus provided in this embodiment may be used to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.
Fig. 7 is a first schematic hardware structure diagram of a batch logout device based on single sign-on according to an embodiment of the present invention, and as shown in fig. 7, the batch logout device 70 based on single sign-on according to the embodiment of the present invention includes: a processor 701 and a memory 702; wherein
A memory 702 for storing computer-executable instructions;
the processor 701 is configured to execute the computer-executable instructions stored in the memory to implement the steps performed by the batch logout method based on single sign-on in the foregoing embodiments. Reference may be made in particular to the description relating to the method embodiments described above.
Alternatively, the memory 702 may be separate or integrated with the processor 701.
When the memory 702 is independently configured, the batch logout apparatus based on single sign-on further includes a bus 703 for connecting the memory 702 and the processor 701.
Fig. 8 is a schematic diagram of a hardware structure of a batch logout device based on single sign-on according to an embodiment of the present invention, and as shown in fig. 8, a batch logout device 80 based on single sign-on according to the embodiment of the present invention includes: a processor 801 and a memory 802; wherein
A memory 802 for storing computer-executable instructions;
the processor 801 is configured to execute the computer-executable instructions stored in the memory to implement the steps performed by the batch logout method based on single sign-on in the foregoing embodiments. Reference may be made in particular to the description relating to the method embodiments described above.
Alternatively, the memory 802 may be separate or integrated with the processor 801.
When the memory 802 is independently configured, the batch logout apparatus based on single sign-on further includes a bus 803 for connecting the memory 802 and the processor 801.
The embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores computer execution instructions, and when a processor executes the computer execution instructions, the batch logout method based on single sign-on, which is executed by the batch logout device based on single sign-on above, is implemented.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules is only one logical division, and other divisions may be realized in practice, for example, a plurality of modules may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The integrated module implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present application.
It should be understood that the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
The memory may comprise a high-speed RAM memory, and may further comprise a non-volatile memory (NVM), such as at least one disk memory, and may also be a USB disk, a removable hard disk, a read-only memory, a magnetic or optical disk, etc.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.
The storage medium may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A batch logout method based on single sign-on is characterized in that the batch logout method is applied to a server, and a plurality of clients successfully log on the server through the single sign-on; the method comprises the following steps:
the server receives a logout message sent by a first client in the plurality of clients, wherein the logout message is used for indicating that the client is logged out;
the server acquires a client linked list according to the token of the first client, wherein the client linked list stores a plurality of clients corresponding to the same token;
the server side sends logout requests to the plurality of clients respectively according to the logout messages, wherein the logout requests are used for indicating the clients to log out of the server side;
and if the server receives an ACK (acknowledgement) message returned by a second client in the plurality of clients, the server confirms that the second client logs out successfully and deletes the second client from the client linked list, wherein the second client is a client different from the first client.
2. The method according to claim 1, wherein if the server side does not receive an ACK acknowledgement message returned by a third client side of the plurality of client sides, the method further comprises:
the server side sends a logout request to the third client side again, and records the times of sending the logout request;
and if the server determines that the times exceed the preset times, determining that the third client fails to log out.
3. The method of claim 2, wherein if the third client fails to log out, the method further comprises:
and the server side sends a warning message to the third client side, wherein the warning message is used for indicating that the third client side fails to log out.
4. The method according to claim 1, wherein the server sends logout requests to the plurality of clients according to the logout message, respectively, and comprises:
and the server side performs asynchronous traversal on the client side linked list according to the logout message and sends the logout request to the client sides in parallel through a plurality of threads.
5. A batch logout method based on single sign-on is characterized in that a client and other clients successfully log on at the same server through single sign-on; the method comprises the following steps:
the server receives a logout message sent by a first client in a plurality of clients, wherein the logout message is used for indicating that the client is logged out;
the server acquires a client linked list according to the token of the first client, wherein the client linked list stores a plurality of clients corresponding to the same token;
the server side sends logout requests to the plurality of clients respectively according to the logout messages, wherein the logout requests are used for indicating the clients to log out of the server side;
the client receives the logout request sent by the server;
the client deletes the local session between the client and the user side according to the logout request;
the client sends an ACK (acknowledgement) message to the server, wherein the ACK message is used for the server to confirm that the client logs out successfully;
and if the server receives an ACK (acknowledgement) message returned by a second client in the plurality of clients, the server confirms that the second client logs out successfully, and deletes the second client from the client linked list, wherein the second client and the first client are different clients.
6. The method of claim 5, wherein before the client receives the logout request sent by the server, the method further comprises:
and the client receives an exit request sent by the user side.
7. A batch logout device based on single sign-on is characterized in that the batch logout device is applied to a server, and a plurality of clients successfully log in the server through the single sign-on; the device comprises:
a receiving module, configured to receive, by the server, a logout message sent by a first client in the multiple clients, where the logout message is used to indicate that a client is logged out;
a sending module, configured to send, by the server, logout requests to the multiple clients respectively according to the logout message, where the logout requests are used to instruct the clients to log out of the server;
the confirmation module is used for confirming that the second client logs out successfully if the server receives an ACK (acknowledgement) message returned by the second client in the plurality of clients, wherein the second client is a client different from the first client;
the device further comprises an acquisition module, wherein the acquisition module is specifically configured to:
the server acquires a client linked list according to the token of the first client, wherein the client linked list stores a plurality of clients corresponding to the same token;
after the server side confirms that the second client side logs out successfully, the device further includes a processing module, and the processing module is specifically configured to:
and the server deletes the second client from the client linked list.
8. A batch logout device based on single sign-on, comprising:
a memory for storing a program;
a processor for executing the program stored by the memory, the processor being configured to perform the method of any of claims 1 to 4 when the program is executed.
9. A computer-readable storage medium comprising instructions which, when executed on a computer, cause the computer to perform the method of any of claims 1 to 4.
CN201910641997.1A 2019-07-16 2019-07-16 Batch logout method and device based on single sign-on Active CN110365680B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910641997.1A CN110365680B (en) 2019-07-16 2019-07-16 Batch logout method and device based on single sign-on

Publications (2)

Publication Number Publication Date
CN110365680A (en) 2019-10-22
CN110365680B (en) 2022-04-15

Family

ID=68220236

Country Status (1)

Country Link
CN (1) CN110365680B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant