CN112948783A - Client login management method, device, server and storage medium - Google Patents

Publication number
CN112948783A
Authority
CN
China
Prior art keywords
client
login
information
bill
request
Legal status
Pending
Application number
CN202110215661.6A
Other languages
Chinese (zh)
Inventor
张想
Current Assignee
Ping An Consumer Finance Co Ltd
Original Assignee
Ping An Consumer Finance Co Ltd
Application filed by Ping An Consumer Finance Co Ltd
Priority to CN202110215661.6A
Publication of CN112948783A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The embodiment of the application provides a client login management method, a client login management device, a server and a storage medium, wherein the method comprises the following steps: after a first login request sent by a target user through a first client is verified, generating a first login bill for the first client; inquiring whether a second login bill exists according to target identification information of a target user in the application system and the coding information of the first client; the second login bill is generated according to the target identification information and a second login request sent by the target user through a second client, and the coding information of the second client is the same as that of the first client; and if so, replacing the second login bill by using the first login bill, otherwise, storing the target identification information, the coding information of the first client and the first login bill. By adopting the method and the device, the mutual exclusion of the multi-terminal login and the compatibility of the multi-terminal login can be realized, and the method and the device are more flexible. The application relates to a block chain technology, such as encrypting data in a database and writing the data into a block chain.

Description

Client login management method, device, server and storage medium
Technical Field
The present application relates to the field of process optimization technologies, and in particular, to a method, an apparatus, a server, and a storage medium for managing login of a client.
Background
At present, the industry offers several schemes for generating and maintaining login state, with the Cookie authentication mechanism and the Token authentication mechanism as the mainstream ones, each suited to different scenarios. Under the Cookie authentication mechanism, Cookie information can be stored in the client, and the client can access the server using that Cookie information. Under the Token authentication mechanism, the Token may be stored in the server, and the client may access the server using the Token it obtained. When a user uses a plurality of clients to log in to a server, the user can log in through one client; when another client requests to log in, the server queries whether the user ID exists locally and, when it does, forces the client that logged in first to log out. However, this kind of client login management is single-mode and not flexible enough.
Disclosure of Invention
The embodiments of the application provide a client login management method, a client login management device, a server and a storage medium, which can realize multi-terminal login mutual exclusion and multi-terminal login compatibility through client coding, and are more flexible.
In a first aspect, an embodiment of the present application provides a client login management method, including:
after a first login request sent by a target user through a first client is verified, target identification information of the target user in an application system is obtained;
acquiring coding information of the first client according to the first login request, and generating a first login bill for the first client according to the target identification information and the first login request;
inquiring whether a database comprises a second login bill or not according to the target identification information and the coding information of the first client; the second login bill is generated according to the target identification information and a second login request sent by the target user through a second client, and the coding information of the second client is the same as that of the first client; the database stores identification information of each user in the application system, coding information of a client used by each user for logging in the server and a login bill generated for the client used by each user for logging in the server;
replacing the second login ticket in the database with the first login ticket when the database includes the second login ticket;
and when the database does not comprise the second login bill, storing the corresponding relation among the target identification information, the coding information of the first client and the first login bill in the database.
Optionally, the second client logs in to the server before the first client, and after the second login ticket in the database is replaced by the first login ticket, the method further includes:
after a first access request sent by the target user through the second client is received, acquiring coding information of the second client according to the first access request, and acquiring a third login bill carried by the first access request;
analyzing according to the third login bill to obtain the target identification information;
inquiring the first login bill from the database according to the target identification information and the coding information of the second client;
and when the third login bill is determined to be inconsistent with the first login bill, determining that the third login bill is not verified, refusing to process the first access request, and sending login quitting prompt information to the second client.
Optionally, the method further includes:
after receiving a second access request sent by the target user through the first client, acquiring coding information of the first client according to the second access request, and acquiring a fourth login bill carried by the second access request;
analyzing according to the fourth login bill to obtain the target identification information;
inquiring the first login bill from the database according to the target identification information and the coding information of the first client;
and when the fourth login bill is determined to be consistent with the first login bill, determining that the fourth login bill passes verification, responding to the second access request to acquire request data, and sending the request data to the first client.
Optionally, the method further includes:
when the fourth login bill passes the verification, acquiring the bill expiration time of the first client; the bill expiration time of the first client is the initial bill expiration time of the first client, or the adjusted bill expiration time of the first client obtained by a configuration center based on a bill expiration time management page returned by a server;
judging whether the fourth login bill is expired or not according to the request creation time included by the fourth login bill and the bill expiration time of the first client;
and when the fourth login bill is not expired, triggering the steps of acquiring request data in response to the second access request and sending the request data to the second client.
Optionally, the obtaining the coding information of the first client according to the first login request includes:
acquiring client information of the first client carried by the first login request;
determining coding information corresponding to the client information of the first client according to the corresponding relation between the client information and the coding information;
and determining the coding information corresponding to the client information of the first client as the coding information of the first client.
Optionally, the generating a first login ticket for the first client according to the target identification information and the first login request includes:
acquiring request establishing time carried by the first login request;
generating an initial login bill for the first client according to the target identification information and the request creation time;
and encrypting the initial login bill generated for the first client by adopting an asymmetric encryption mode to obtain a first login bill.
Optionally, the method further includes:
responding to a coding information management request sent by a configuration center, and returning a coding information management page to the configuration center; the coding information management page comprises a coding information configuration item corresponding to the target client information; the coding information configuration item is used for the configuration center to adjust the initial coding information of the target client information; the target client information is one or more pieces of client information in a plurality of pieces of client information;
and receiving the adjusted coding information corresponding to the target client information returned by the configuration center, and determining the adjusted coding information of the target client information as the coding information of the target client.
In a second aspect, an embodiment of the present application provides a client login management device, including:
the acquisition module is used for acquiring target identification information of a target user in an application system after a first login request sent by the target user through a first client is verified;
the bill generating module is used for acquiring the coding information of the first client according to the first login request and generating a first login bill for the first client according to the target identification information and the first login request;
the query module is used for querying whether a database comprises a second login bill or not according to the target identification information and the coding information of the first client; the second login bill is generated according to the target identification information and a second login request sent by the target user through a second client, and the coding information of the second client is the same as the coding information of the first client; the database stores identification information of each user in the application system, coding information of a client used by each user for logging in the server and a login bill generated for the client used by each user for logging in the server;
the data management module is used for replacing the second login bill in the database by using the first login bill when the database comprises the second login bill; and when the database does not comprise the second login bill, storing the corresponding relation among the target identification information, the coding information of the first client and the first login bill in the database.
In a third aspect, an embodiment of the present application provides a server, including a processor and a memory, where the processor and the memory are connected to each other, where the memory is used to store a computer program, and the computer program includes program instructions, and the processor is configured to call the program instructions to execute the method according to the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium, which stores a computer program, where the computer program is executed by a processor to implement the method according to the first aspect.
In summary, after the first login request sent by the target user through the first client passes verification, the server may obtain the target identification information of the target user in the application system and obtain the coding information of the first client according to the first login request, so as to generate a first login bill for the first client according to the target identification information and the first login request. The server can query whether a database comprises a second login bill according to the target identification information and the coding information of the first client; the second login bill is generated according to the target identification information and a second login request sent by the target user through a second client, and the coding information of the second client is the same as the coding information of the first client. When the database comprises the second login bill, the server can replace the second login bill in the database with the first login bill; when the database does not comprise the second login bill, the server can save the corresponding relation among the target identification information, the coding information of the first client and the first login bill in the database.
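The login, replace-or-store and access-check steps summarized above, as an added Python example that is not part of the patent text: login bills (tickets) are stored per (target identification information, coding information), so clients that share a code displace each other while clients with different codes stay logged in together. The client names, codes, lifetimes and user ID are constructed, the HMAC-signed token stands in for the asymmetrically encrypted ticket of the method, and the random `jti` field is an assumption added so that two tickets are never identical.

```python
import base64
import hashlib
import hmac
import json
import secrets

SIGNING_KEY = secrets.token_bytes(32)  # constructed demo key, not from the page

# Constructed table of client information -> coding information.
# Same code = mutually exclusive login; different code = compatible login.
CLIENT_CODES = {"APP": "C1", "APPLET": "C1", "PC_BROWSER": "C2"}
TICKET_TTL = {"C1": 3600, "C2": 600}  # constructed ticket expiration times (seconds)


def _mac(body: bytes) -> bytes:
    return base64.urlsafe_b64encode(hmac.new(SIGNING_KEY, body, hashlib.sha256).digest())


class LoginManager:
    def __init__(self):
        self.codes = dict(CLIENT_CODES)  # adjustable, as by the configuration center
        self.db = {}  # (user_id, code) -> the one ticket currently valid for that pair

    def login(self, user_id: str, client_info: str, created_at: int):
        """Issue a ticket once the login request is verified (verification not shown)."""
        code = self.codes[client_info]
        # Assumption: the random "jti" makes every ticket unique, so two logins with
        # the same user ID and request creation time cannot yield identical tickets.
        payload = {"uid": user_id, "iat": created_at, "jti": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(payload).encode())
        ticket = (body + b"." + _mac(body)).decode()
        replaced = (user_id, code) in self.db  # a "second login bill" already exists
        self.db[(user_id, code)] = ticket      # replace it, or store a new row
        return ticket, replaced

    def access(self, ticket: str, client_info: str, now: int) -> str:
        """Return 'ok', 'invalid', 'logged_out' or 'expired' for an access request."""
        code = self.codes.get(client_info)
        try:
            body, sig = ticket.encode().split(b".")
            if code is None or not hmac.compare_digest(sig, _mac(body)):
                return "invalid"
            payload = json.loads(base64.urlsafe_b64decode(body))
            uid, iat = payload["uid"], payload["iat"]
        except (ValueError, KeyError, TypeError):
            return "invalid"
        # Look up by (identification parsed from the ticket, code of the requesting client).
        current = self.db.get((uid, code))
        if current is None or not hmac.compare_digest(current.encode(), ticket.encode()):
            return "logged_out"  # refuse the request and prompt the client to log in again
        if now - iat > TICKET_TTL[code]:
            return "expired"
        return "ok"


def demo():
    m = LoginManager()
    t0 = 1_700_000_000  # constructed timestamps
    app, _ = m.login("u-1001", "APP", t0)
    pc, _ = m.login("u-1001", "PC_BROWSER", t0)
    applet, replaced = m.login("u-1001", "APPLET", t0 + 60)  # same code as APP
    result = {
        "replaced": replaced,
        "app": m.access(app, "APP", t0 + 120),             # displaced by the applet login
        "applet": m.access(applet, "APPLET", t0 + 120),
        "pc": m.access(pc, "PC_BROWSER", t0 + 120),        # different code, still valid
        "pc_late": m.access(pc, "PC_BROWSER", t0 + 601),   # past the C2 lifetime
        "tampered": m.access(applet[:-2] + "AA", "APPLET", t0 + 120),
    }
    # Re-coding PC_BROWSER to C1 makes it mutually exclusive with APP/APPLET at once:
    # its old ticket is now compared against the row holding the applet ticket.
    m.codes["PC_BROWSER"] = "C1"
    result["pc_remapped"] = m.access(pc, "PC_BROWSER", t0 + 120)
    return result


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12} {outcome}")
```
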
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic network architecture diagram of a client login management system according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a client login management method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of another client login management method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a client login management apparatus according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
The application provides a client login management scheme, which can realize login mutual exclusion of different clients through the same coding information and realize login compatibility of different clients through different coding information. Login mutual exclusion means that a user cannot be logged in to the server simultaneously from two or more clients that have the same coding information; login compatibility means that the user can be logged in to the server simultaneously from two or more clients that have different coding information. The client login management scheme may be performed by a server, which may be a single server or a cluster of servers. The clients described in the embodiments of the present application, such as the first client and the second client, may belong to any one of the following types: APP, SDK, PC browser, H5, applet.
Referring to Fig. 1, a schematic diagram of a network structure of a client login management system according to an embodiment of the present application is provided. The client login management system shown in Fig. 1 includes a plurality of clients corresponding to the user A, such as a client 10 (corresponding to the first client mentioned in the embodiment of the present application) and a client 20 (corresponding to the second client mentioned in the embodiment of the present application), and a server 30 (corresponding to the server mentioned in the embodiment of the present application). The client 20 here is a client whose coding information is the same as that of the client 10, i.e., a client whose login is mutually exclusive with the client 10. In one embodiment, the plurality of clients may further include a client (not shown) whose coding information differs from that of the client 10, i.e., a client that is login-compatible with the client 10.
In this embodiment, the user A may send a first login request to the server 30 through the client 10, where the first login request refers to a login request sent by the client 10. The server 30 may authenticate the first login request after receiving the first login request sent by the client 10.
In one embodiment, the user A may already have logged in to the server 30 through the client 20 before sending the first login request to the server 30 through the client 10. That is, the user A may send a second login request to the server 30 through the client 20, where the second login request refers to a login request sent by the client 20. The server 30 may authenticate the second login request after receiving it. After the second login request is authenticated, the server 30 may obtain the target identification information of the user A in the application system. The target identification information is the unique identification information of the user A in the application system. The server 30 may further obtain the encoding information of the client 20 according to the second login request, and generate a second login ticket for the client 20 according to the target identification information and the second login request. Then, according to the target identification information and the encoding information of the client 20, the server 30 may query whether the database includes a login ticket of another client (not shown) whose encoding information is the same as that of the client 20, where the other client logged in to the server before the second client; the login ticket of the other client is generated in the same way as the second login ticket, which is not described again here. The server 30 may replace the login ticket of the other client in the database with the second login ticket when the database includes the login ticket of the other client, and save the correspondence between the target identification information, the encoding information of the client 20, and the second login ticket in the database when the database does not include the login ticket of the other client.
In this embodiment, after the first login request passes verification, the server 30 may acquire the target identification information of the user A in the application system. The server 30 may further obtain the encoding information of the client 10 according to the first login request, and generate a first login ticket for the client 10 according to the target identification information and the first login request. The server 30 may then query whether the database includes the second login ticket based on the target identification information and the encoding information of the client 10. The server 30 may replace the second login ticket in the database with the first login ticket when the database includes the second login ticket. The server 30 may save the correspondence between the target identification information, the encoding information of the client 10, and the first login ticket in the database when the database does not include the second login ticket.
In an embodiment, the configuration center may configure the coding information corresponding to different client information. The client information may include client source information or client category. The configuration center configures the coding information corresponding to the client information, so that the compatibility and mutual exclusion of multi-terminal login can be dynamically controlled in real time.
In one embodiment, the configuration center can make the encoded information corresponding to each piece of client information in the plurality of pieces of client information different. For example, the plurality of pieces of client information include client information 1, client information 2, …, and client information N. Client information 1 corresponds to code information 1, client information 2 corresponds to code information 2, …, and client information N corresponds to code information N. Setting different coding information for each piece of client information makes the clients corresponding to the pieces of client information login-compatible with one another. In one embodiment, the configuration center may instead make the encoded information corresponding to a part of the client information in the plurality of pieces of client information the same. Setting the same coding information for that part of the client information makes login on the corresponding clients mutually exclusive (for example, a user logged in on the APP cannot also be logged in on the applet), which avoids the disordered processing flow caused by a user being logged in on multiple ends simultaneously.
For example, to make login on the client corresponding to client information 1 and the client corresponding to client information 2 mutually exclusive, the encoded information of client information 1 and that of client information 2 may be set to the same encoded information: the encoded information of client information 1 may be kept unchanged and the encoded information of client information 2 adjusted to match it, or the encoded information of client information 2 may be kept unchanged and the encoded information of client information 1 adjusted to match it, or both may be adjusted to some other encoded information.
In one embodiment, the server may return the encoded information management page to the configuration center in response to an encoded information management request sent by the configuration center. The coding information management page comprises a coding information configuration item corresponding to the target client information. And the coding information configuration item is used for adjusting the initial coding information of the target client information by the configuration center. The target client information is one or more client information in the plurality of client information. The initial coding information is coding information stored by the server. And the server receives the adjusted coding information corresponding to the target client information returned by the configuration center, and determines the adjusted coding information of the target client information as the coding information of the target client. In one application scenario, a manager may send a coded information management request to a server through a configuration center. The server may return an encoding information management page to the configuration center in response to the encoding information management request sent by the configuration center. The administrator can adjust the encoding information of the client information 1 from the encoding information 1 to the encoding information 2 based on the encoding information configuration item corresponding to the client information 1 included in the encoding information management page. Then, the server may obtain the encoded information 2, and determine the encoded information 2 as the encoded information of the client information 1.
In one embodiment, the ticket expiration time of the login tickets of different clients (here, clients that have logged in to the server) may be configured through the configuration center. Taking the login ticket of the first client as an example, the ticket expiration time of the first client is the adjusted ticket expiration time of the first client obtained by the configuration center based on the ticket expiration time management page returned by the server. Specifically, the server may return a ticket expiration time management page to the configuration center in response to a ticket expiration time management request sent by the configuration center. The ticket expiration time management page comprises a ticket expiration time configuration item corresponding to the first client, which the configuration center uses to adjust the initial ticket expiration time of the first client. The server receives the adjusted ticket expiration time of the first client returned by the configuration center and determines it as the ticket expiration time of the first client. The ticket expiration time of other clients, such as the second client, may be configured in the same way, which is not described again here.
Please refer to fig. 2, which is a flowchart illustrating a client login management method according to an embodiment of the present disclosure. The method may be applied to the aforementioned server. Specifically, the method may comprise the steps of:
S201, after the first login request sent by the target user through the first client is verified, the target identification information of the target user in the application system is obtained.
In the embodiment of the application, the target user can send the first login request to the server through the first client, and the server can receive the first login request and verify the first login request. After the first login request is verified, the server can acquire the target identification information of the target user in the application system. The server verifies the first login request, which may include a process of verifying account information carried by the first login request by the server, and the like.
In one embodiment, after the first login request sent by the target user through the first client passes verification, the server may query whether target identification information of the target user in the application system exists; if it exists, the server acquires the queried target identification information of the target user in the application system; if it does not exist, the server generates the target identification information of the target user in the application system. In an embodiment, the server may record a corresponding relationship between the account information and the identification information, and then query, according to that corresponding relationship, the target identification information corresponding to the account information carried in the first login request.
In one embodiment, the first client may be any one of a plurality of clients used by a target user to access the server. In one embodiment, the account information entered by the target user at multiple clients may be the same. In one embodiment, the encoded information described in the embodiments of the present application includes, but is not limited to, presentation in the form of numbers, letters, and words.
S202, obtaining the coding information of the first client according to the first login request, and generating a first login bill for the first client according to the target identification information and the first login request.
In the embodiment of the application, after the server obtains the first login bill, the server sends the first login bill to the first client, and the first client can subsequently access the server through the first login bill.
In the embodiment of the application, the server acquires the coding information of the first client from the client information of the first client carried by the first login request. Specifically, the server may obtain the client information of the first client carried by the first login request, determine the coding information corresponding to that client information according to the correspondence between client information and coding information, and take it as the coding information of the first client.
In the embodiment of the application, to generate a first login bill for the first client according to the target identification information and the first login request, the server may obtain the request creation time carried by the first login request and generate, according to the target identification information and the request creation time, an initial login bill that serves as the first login bill. Alternatively, the server may obtain the request creation time carried by the first login request, generate an initial login bill for the first client according to the target identification information and the request creation time, and then encrypt the initial login bill in an asymmetric encryption mode to obtain the first login bill.
In one embodiment, the server may generate the initial login bill for the first client according to the target identification information and the request creation time by using a JSON Web Token (JWT) generation method. To encrypt the initial login bill in an asymmetric encryption mode, the server may use an RSA encryption mode and take the result as the first login bill. The RSA encryption mode is generally used for encrypting data transmitted between the client and the server; compared with the prior-art approach of transmitting the login bill directly between the client and the server, encrypting the login bill in the RSA encryption mode can guarantee the security of the login bill during transmission. Specifically, the server may obtain a preset key pair, and encrypt the initial login bill generated for the first client by using the public key in the key pair to obtain the first login bill.
S203, inquiring whether the database comprises a second login bill or not according to the target identification information and the coding information of the first client.
The second login ticket is generated according to the target identification information and a second login request sent by the target user through a second client. The second client may log into the server before the first client. The second login ticket is generated in the same manner as the first login ticket, which is not described herein again in this embodiment of the application. The second login ticket may correspond to the target identification information and the coding information of the second client, and the coding information of the second client is the same as the coding information of the first client. The coding information of the second client being the same as that of the first client means that logins of the first client and the second client are mutually exclusive. The database stores identification information of each user in the application system, coding information of the client used by each user for logging in to the server, and the login ticket generated for the client used by each user for logging in to the server. The login ticket generated for the client used by each user to log in to the server may be the initial login ticket generated for the client, or may be a login ticket obtained by encrypting the initial login ticket generated for the client.
In this embodiment, after the server executes step S203, step S204 and step S205 may be executed in parallel.
S204, when the database comprises the second login ticket, replacing the second login ticket in the database with the first login ticket.
When the database includes the second login ticket, it means that there is a client that is mutually exclusive with the first client login among the clients that the user has logged in to the server (i.e., there is the second client), and therefore, in order to achieve mutual exclusion of login, the server may replace the second login ticket in the database with the first login ticket, or may replace the target identification information stored in the database, the encoding information corresponding to the second client, and the second login ticket with the target identification information, the encoding information of the first client, and the first login ticket. Then, the first client can access the server through the first login ticket, and the second client can exit the login state.
S205, when the database does not include the second login bill, storing the corresponding relation among the target identification information, the coding information of the first client and the first login bill in the database.
When the database does not include the second login ticket, it means that there is no client that is mutually exclusive to the first client login among the clients that the user has logged in to the server (i.e., there is no second client) or the user does not log in to the server with other clients except the first client, and therefore, the server can save the correspondence between the target identification information, the encoding information of the first client, and the first login ticket in the database. The first client may then access the server through the first login ticket.
After step S204 or step S205 is executed, after receiving a second access request sent by the target user through the first client, the server may obtain, according to the second access request, the encoding information of the first client, and obtain a fourth login ticket carried by the second access request; the server analyzes the fourth login bill to obtain the target identification information, and queries the first login bill from the database according to the target identification information and the coding information of the first client; and when the server determines that the fourth login bill is consistent with the first login bill, the server determines that the fourth login bill passes verification, responds to the second access request to acquire request data, and sends the request data to the first client.
As can be seen, in the embodiment shown in fig. 2, after the first login request sent by the first client is verified, the server may obtain the target identification information of the target user in the application system, and obtain the encoding information of the first client according to the first login request, so as to generate the first login ticket for the first client according to the target identification information and the first login request; the server can inquire whether the database comprises a second login bill or not according to the target identification information and the coding information of the first client; the server can replace the second login bill in the database by using the first login bill when the database comprises the second login bill, and can save the corresponding relation among the target identification information, the coding information of the first client and the first login bill in the database when the database does not comprise the second login bill.
The application relates to blockchain technology; for example, data in the database can be encrypted and then written into a blockchain.
Please refer to fig. 3, which is a flowchart illustrating another client login method according to an embodiment of the present disclosure. The method may be applied to the aforementioned server. The method may comprise the steps of:
S301, after a first login request sent by a target user through a first client is verified, obtaining the target identification information of the target user in the application system.
S302, obtaining the coding information of the first client according to the first login request, and generating a first login bill for the first client according to the target identification information and the first login request.
S303, inquiring whether a database comprises a second login bill or not according to the target identification information and the coding information of the first client.
Steps S301 to S303 can refer to steps S201 to S203 in the embodiment of fig. 2, which is not described herein again in this embodiment of the present application. The server may perform step S304 and step S309 in parallel after performing step S303.
S304, when the database comprises the second login ticket, replacing the second login ticket in the database with the first login ticket.
Step S304 can refer to step S204 in the embodiment of fig. 2, which is not described herein again in this embodiment of the present application.
S305, after receiving a first access request sent by the target user through the second client, acquiring the coding information of the second client according to the first access request, and acquiring a third login bill carried by the first access request.
The first access request here is an access request sent by the second client. The third login ticket may or may not be the second login ticket: normally the third login ticket is the second login ticket, but when the second login ticket has been tampered with, the third login ticket is not the second login ticket but a login ticket obtained by tampering with the second login ticket.
In the embodiment of the application, the manner in which the server acquires the coding information of the second client according to the first access request may be that the server acquires the client information of the second client carried by the first access request, and queries the coding information corresponding to the client information of the second client as the coding information of the second client.
S306, analyzing according to the third login bill to obtain the target identification information.
S307, inquiring the first login bill from the database according to the target identification information and the coding information of the second client.
In steps S306 to S307, the server may parse the third login ticket to obtain the target identification information, and query the database according to the target identification information and the coding information of the second client. Because the second login ticket stored in the database has been replaced by the first login ticket, the login ticket queried from the database at this time is no longer the second login ticket but the first login ticket.
In this embodiment of the application, the manner in which the server obtains the target identification information by parsing according to the third login ticket may be: the server decrypts the third login bill by using a private key of the key pair to obtain an initial login bill of the second client, and analyzes the initial login bill of the second client to obtain first analysis data, wherein the first analysis data comprises target identification information.
S308, when the third login bill is determined to be inconsistent with the first login bill, determining that the third login bill is not verified, refusing to process the first access request, and sending login quitting prompt information to the second client.
In the embodiment of the application, whether or not the third login ticket is the second login ticket, the third login ticket necessarily differs from the first login ticket. The server may determine whether the third login ticket is consistent with the first login ticket. The process by which the server determines whether the third login ticket is consistent with the first login ticket may be as follows: the server parses the third login ticket to obtain an initial login ticket of the second client, and parses the initial login ticket of the second client to obtain second parsed data; the server may determine that the third login ticket is inconsistent with the first login ticket when the second parsed data is inconsistent with the aforementioned first parsed data. When the third login ticket is the second login ticket, the inconsistency between the third login ticket and the first login ticket indicates that the target user has logged in to the server using a client other than the second client (namely the first client) whose login is mutually exclusive with that of the second client.
S309, when the database does not comprise the second login bill, storing the corresponding relation among the target identification information, the coding information of the first client and the first login bill in the database.
Step S309 may refer to step S205 in the embodiment of fig. 2, and details of the embodiment of the present application are not described herein.
It can be seen that, in the embodiment shown in fig. 3, when the second login ticket of the second client is replaced by the first login ticket of the first client and the second client accesses the server, the access of the second client is denied, the second client receives the prompt message for logging out, and the process realizes mutual exclusion of login between the first client and the second client through the encoded information.
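The S301 to S309 flow above can be sketched as follows; this is an added illustration, not code from the patent. Assumptions: an HS256-signed JWT-style ticket built with the Python standard library (the optional RSA encryption layer is omitted), a constructed client-information-to-code table, an in-memory dict standing in for the database, and a random `jti` claim that the patent does not mention, included so that two tickets with the same user and request creation time still differ.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed correspondence between client information and coding information.
# Clients that share a code are mutually exclusive for the same user.
CLIENT_CODES = {"android-app": "mobile", "ios-app": "mobile", "web": "browser"}

SIGNING_KEY = secrets.token_bytes(32)  # demo key, regenerated on every run


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> bytes:
    return hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()


def issue_ticket(user_id: str, created_at: int) -> str:
    """Build the initial login ticket from the user id and request creation time."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    # "jti" is an assumption added here, not a field named in the patent.
    claims = {"sub": user_id, "iat": created_at, "jti": secrets.token_hex(8)}
    payload = b64e(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64e(sign(header + '.' + payload))}"


def parse_ticket(ticket: str):
    """Return the claims if the signature is valid, otherwise None."""
    try:
        header, payload, sig = ticket.split(".")
        if not hmac.compare_digest(sign(header + "." + payload), b64d(sig)):
            return None
        return json.loads(b64d(payload))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None


class LoginManager:
    def __init__(self):
        self.db = {}  # (user id, coding information) -> current login ticket

    def login(self, user_id: str, client_info: str, created_at=None):
        """Run after the credentials in the login request have been verified."""
        code = CLIENT_CODES[client_info]                  # S302: coding information
        ticket = issue_ticket(user_id, created_at or int(time.time()))
        replaced = (user_id, code) in self.db             # S303: query the database
        self.db[(user_id, code)] = ticket                 # S304 replace / S309 save
        return ticket, replaced

    def access(self, client_info: str, ticket: str) -> str:
        code = CLIENT_CODES.get(client_info)              # S305
        claims = parse_ticket(ticket)                     # S306
        if code is None or claims is None:
            return "rejected"                             # unknown client or tampered ticket
        stored = self.db.get((claims["sub"], code))       # S307
        if stored is None or not hmac.compare_digest(stored.encode(), ticket.encode()):
            return "logged_out"                           # S308: superseded by a newer login
        return "ok"


if __name__ == "__main__":
    mgr = LoginManager()
    second, _ = mgr.login("user-1", "android-app", 1700000000)  # second client logs in first
    first, replaced = mgr.login("user-1", "ios-app", 1700000000)
    print(replaced, mgr.access("android-app", second), mgr.access("ios-app", first))
```

Comparing the presented ticket with the stored one in constant time, after the signature check, keeps a tampered ticket ("rejected") distinguishable from a superseded one ("logged_out"), which is the case that triggers the logout prompt.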
Please refer to fig. 4, which is a schematic structural diagram of a client login management device according to an embodiment of the present disclosure. The apparatus may be applied to the aforementioned server. Specifically, the login management device may include:
The obtaining module 401 is configured to obtain target identification information of a target user in an application system after a first login request sent by a first client is verified.
A ticket generating module 402, configured to obtain the coding information of the first client according to the first login request, and generate a first login ticket for the first client according to the target identification information and the first login request.
The query module 403 is configured to query whether a database includes a second login ticket according to the target identification information and the coding information of the first client; the second login bill is generated according to the target identification information and a second login request sent by the target user through a second client, and the coding information of the second client is the same as that of the first client; the database stores identification information of each user in the application system, coding information of a client used by each user for logging in the server, and a login bill generated for the client used by each user for logging in the server.
A data management module 404, configured to, when the database includes the second login ticket, replace the second login ticket in the database with the first login ticket, and when the database does not include the second login ticket, save, in the database, a correspondence between the target identification information, the coding information of the first client, and the first login ticket.
In an alternative embodiment, the second client logs into the server before the first client.
In an alternative embodiment, the client login management device further includes an access processing module 405.
In an optional implementation manner, the access processing module 405 is further configured to, after replacing the second login ticket in the database with the first login ticket, after receiving a first access request sent by the target user through the second client, obtain encoding information of the second client according to the first access request, and obtain a third login ticket carried in the first access request; analyzing according to the third login bill to obtain the target identification information; inquiring the first login bill from the database according to the target identification information and the coding information of the second client; and when the third login bill is determined to be inconsistent with the first login bill, determining that the third login bill is not verified, refusing to process the first access request, and sending login quitting prompt information to the second client.
In an optional implementation manner, the access processing module 405 is further configured to, after receiving a second access request sent by the target user through the first client, obtain, according to the second access request, encoding information of the first client, and obtain a fourth login ticket carried in the second access request; analyzing according to the fourth login bill to obtain the target identification information; inquiring the first login bill from the database according to the target identification information and the coding information of the first client; and when the fourth login bill is determined to be consistent with the first login bill, determining that the fourth login bill passes verification, responding to the second access request to acquire request data, and sending the request data to the first client.
In an alternative embodiment, the access processing module 405 is configured to obtain a ticket expiration time of the first client when the fourth login ticket is verified; the bill expiration time of the first client is the initial bill expiration time of the first client, or the adjusted bill expiration time of the first client obtained by a configuration center based on a bill expiration time management page returned by a server; judging whether the fourth login bill is expired or not according to the request creation time included by the fourth login bill and the bill expiration time of the first client; and when the fourth login bill is not expired, triggering the steps of acquiring request data in response to the second access request and sending the request data to the second client.
In an optional implementation manner, the ticket generating module 402 obtains, according to the first login request, the encoded information of the first client, specifically, obtains the client information of the first client carried by the first login request; determining coding information corresponding to the client information of the first client according to the corresponding relation between the client information and the coding information; and determining the coding information corresponding to the client information of the first client as the coding information of the first client.
In an optional implementation manner, the ticket generating module 402 generates a first login ticket for the first client according to the target identification information and the first login request, specifically, obtains a request creation time carried by the first login request; generating an initial login bill for the first client according to the target identification information and the request creation time; and encrypting the initial login bill generated for the first client by adopting an asymmetric encryption mode to obtain a first login bill.
In an optional implementation manner, the data management module 404 is further configured to return an encoding information management page to the configuration center in response to an encoding information management request sent by the configuration center; the coding information management page comprises a coding information configuration item corresponding to the target client information; the coding information configuration item is used for the configuration center to adjust the initial coding information of the target client information; the target client information is one or more pieces of client information in a plurality of pieces of client information; and receiving the adjusted coding information corresponding to the target client information returned by the configuration center, and determining the adjusted coding information of the target client information as the coding information of the target client.
It can be seen that, in the embodiment shown in fig. 4, after the first login request sent by the target user through the first client is verified, the client login management device may obtain the target identification information of the target user in the application system, and obtain the coding information of the first client according to the first login request, so as to generate the first login ticket for the first client according to the target identification information and the first login request; the client login management device can query whether the database includes a second login ticket according to the target identification information and the coding information of the first client; the client login management device can replace the second login ticket in the database with the first login ticket when the database includes the second login ticket, and can save the correspondence among the target identification information, the coding information of the first client and the first login ticket in the database when the database does not include the second login ticket.
Please refer to fig. 5, which is a schematic structural diagram of a server according to an embodiment of the present disclosure. The server described in this embodiment may include: one or more processors 1000 and memory 2000. The processor 1000 and the memory 2000 may be connected by a bus.
The processor 1000 may be a Central Processing Unit (CPU), or may be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 2000 may be a high-speed RAM memory or a non-volatile memory (e.g., a disk memory). The memory 2000 is used for storing a set of program codes, and the processor 1000 may call the program codes stored in the memory 2000. Specifically, the method comprises the following steps:
the processor 1000 is configured to obtain target identification information of a target user in an application system after a first login request sent by a first client is verified; acquiring coding information of the first client according to the first login request, and generating a first login bill for the first client according to the target identification information and the first login request; inquiring whether a database comprises a second login bill or not according to the target identification information and the coding information of the first client; the second login bill is generated according to the target identification information and a second login request sent by the target user through a second client, and the coding information of the second client is the same as that of the first client; the database stores identification information of each user in the application system, coding information of a client used by each user for logging in the server and a login bill generated for the client used by each user for logging in the server; replacing the second login ticket in the database with the first login ticket when the database includes the second login ticket; and when the database does not comprise the second login bill, storing the corresponding relation among the target identification information, the coding information of the first client and the first login bill in the database.
In an embodiment, the processor 1000 is further configured to, after replacing the second login ticket in the database with the first login ticket, obtain, according to a first access request sent by the target user through the second client, encoding information of the second client, and obtain a third login ticket carried in the first access request after receiving the first access request; analyzing according to the third login bill to obtain the target identification information; inquiring the first login bill from the database according to the target identification information and the coding information of the second client; and when the third login bill is determined to be inconsistent with the first login bill, determining that the third login bill is not verified, refusing to process the first access request, and sending login quitting prompt information to the second client.
In one embodiment, the server further comprises a communication interface (not shown in fig. 5), which is a standard wired or wireless communication interface. The processor 1000 may receive, through the communication interface, a first access request sent by the target user through the second client, and send, through the interface, a prompt message to log out to the second client.
In one embodiment, the second client logs into a server before the first client.
In an embodiment, the processor 1000 is further configured to, after receiving a second access request sent by the target user through the first client, obtain, according to the second access request, encoding information of the first client, and obtain a fourth login ticket carried in the second access request; analyzing according to the fourth login bill to obtain the target identification information; inquiring the first login bill from the database according to the target identification information and the coding information of the first client; and when the fourth login bill is determined to be consistent with the first login bill, determining that the fourth login bill passes verification, responding to the second access request to acquire request data, and sending the request data to the first client.
In one embodiment, the processor 1000 may receive a second access request sent by the target user through the first client through the communication interface, and may send the request data to the first client through the communication interface.
In one embodiment, the processor 1000 is further configured to obtain a ticket expiration time of the first client when the fourth login ticket is verified; the bill expiration time of the first client is the initial bill expiration time of the first client, or the adjusted bill expiration time of the first client obtained by a configuration center based on a bill expiration time management page returned by a server; judging whether the fourth login bill is expired or not according to the request creation time included by the fourth login bill and the bill expiration time of the first client; and when the fourth login bill is not expired, triggering the steps of acquiring request data in response to the second access request and sending the request data to the second client.
In an embodiment, the processor 1000 obtains, according to the first login request, encoding information of the first client, specifically obtains client information of the first client carried in the first login request; determining coding information corresponding to the client information of the first client according to the corresponding relation between the client information and the coding information; and determining the coding information corresponding to the client information of the first client as the coding information of the first client.
In an embodiment, the processor 1000 generates a first login ticket for the first client according to the target identification information and the first login request, specifically, obtains a request creation time carried by the first login request; generating an initial login bill for the first client according to the target identification information and the request creation time; and encrypting the initial login bill generated for the first client by adopting an asymmetric encryption mode to obtain a first login bill.
In one embodiment, the processor 1000 is further configured to return an encoded information management page to the configuration center in response to an encoded information management request sent by the configuration center; the coding information management page comprises a coding information configuration item corresponding to the target client information; the coding information configuration item is used for the configuration center to adjust the initial coding information of the target client information; the target client information is one or more pieces of client information in a plurality of pieces of client information; and receiving the adjusted coding information corresponding to the target client information returned by the configuration center, and determining the adjusted coding information of the target client information as the coding information of the target client.
In an embodiment, the processor 1000 may return the coding information management page to the configuration center through the communication interface, and receive, through the communication interface, the adjusted coding information corresponding to the target client returned by the configuration center.
In a specific implementation, the processor 1000 described in this embodiment of the present application may execute the implementation described in the embodiment of fig. 2 and the embodiment of fig. 3, and may also execute the implementation described in this embodiment of the present application, which is not described herein again.
The functional modules in the embodiments of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module. The integrated module can be implemented in the form of hardware, and can also be implemented in the form of software functional modules.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The computer readable storage medium may be volatile or nonvolatile. For example, the computer storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like. The computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A client login management method is characterized by comprising the following steps:
after a first login request sent by a target user through a first client is verified, target identification information of the target user in an application system is obtained;
acquiring coding information of the first client according to the first login request, and generating a first login bill for the first client according to the target identification information and the first login request;
inquiring whether a database comprises a second login bill or not according to the target identification information and the coding information of the first client; the second login bill is generated according to the target identification information and a second login request sent by the target user through a second client, and the coding information of the second client is the same as that of the first client; the database stores identification information of each user in the application system, coding information of a client used by each user for logging in the server and a login bill generated for the client used by each user for logging in the server;
replacing the second login ticket in the database with the first login ticket when the database includes the second login ticket;
and when the database does not comprise the second login bill, storing the corresponding relation among the target identification information, the coding information of the first client and the first login bill in the database.
2. The method of claim 1, wherein the second client logs into a server before the first client, and wherein after replacing the second login bill in the database with the first login bill, the method further comprises:
after a first access request sent by the target user through the second client is received, acquiring coding information of the second client according to the first access request, and acquiring a third login bill carried by the first access request;
parsing the third login bill to obtain the target identification information;
inquiring the first login bill from the database according to the target identification information and the coding information of the second client;
and when the third login bill is determined to be inconsistent with the first login bill, determining that the third login bill is not verified, refusing to process the first access request, and sending logout prompt information to the second client.
3. The method of claim 1, further comprising:
after receiving a second access request sent by the target user through the first client, acquiring coding information of the first client according to the second access request, and acquiring a fourth login bill carried by the second access request;
parsing the fourth login bill to obtain the target identification information;
inquiring the first login bill from the database according to the target identification information and the coding information of the first client;
and when the fourth login bill is determined to be consistent with the first login bill, determining that the fourth login bill passes verification, responding to the second access request to acquire request data, and sending the request data to the first client.
4. The method of claim 3, further comprising:
when the fourth login bill passes the verification, acquiring the bill expiration time of the first client; the bill expiration time of the first client is the initial bill expiration time of the first client, or the adjusted bill expiration time of the first client obtained by a configuration center based on a bill expiration time management page returned by a server;
judging whether the fourth login bill is expired or not according to the request creation time included by the fourth login bill and the bill expiration time of the first client;
and when the fourth login bill is not expired, triggering the steps of acquiring request data in response to the second access request and sending the request data to the second client.
5. The method according to any of claims 1-4, wherein the obtaining the encoded information of the first client according to the first login request comprises:
acquiring client information of the first client carried by the first login request;
determining coding information corresponding to the client information of the first client according to the corresponding relation between the client information and the coding information;
and determining the coding information corresponding to the client information of the first client as the coding information of the first client.
6. The method of claim 5, wherein generating a first login ticket for the first client according to the target identification information and the first login request comprises:
acquiring the request creation time carried by the first login request;
generating an initial login bill for the first client according to the target identification information and the request creation time;
and encrypting the initial login bill generated for the first client by adopting an asymmetric encryption mode to obtain a first login bill.
7. The method of claim 1, further comprising:
responding to a coding information management request sent by a configuration center, and returning a coding information management page to the configuration center; the coding information management page comprises a coding information configuration item corresponding to the target client information; the coding information configuration item is used for the configuration center to adjust the initial coding information of the target client information; the target client information is one or more pieces of client information in a plurality of pieces of client information;
and receiving the adjusted coding information corresponding to the target client information returned by the configuration center, and determining the adjusted coding information of the target client information as the coding information of the target client.
8. A client login management device, comprising:
the system comprises an acquisition module, a first client and a second client, wherein the acquisition module is used for acquiring target identification information of a target user in an application system after a first login request sent by the target user through the first client is verified;
the bill generating module is used for acquiring the coding information of the first client according to the first login request and generating a first login bill for the first client according to the target identification information and the first login request;
the query module is used for querying whether a database comprises a second login bill or not according to the target identification information and the coding information of the first client; the second login bill is generated according to the target identification information and a second login request sent by the target user through a second client, and the coding information of the second client is the same as that of the first client; the database stores identification information of each user in the application system, coding information of a client used by each user for logging in the server and a login bill generated for the client used by each user for logging in the server;
the data management module is used for replacing the second login bill in the database by using the first login bill when the database comprises the second login bill; and when the database does not comprise the second login bill, storing the corresponding relation among the target identification information, the coding information of the first client and the first login bill in the database.
9. A server, comprising a processor and a memory, the processor and the memory being interconnected, wherein the memory is configured to store a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method of any one of claims 1-7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which is executed by a processor to implement the method according to any one of claims 1-7.
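The login and access flow of claims 1-4 and 6, as an added Python example that is not code from the patent: one valid login bill (ticket) is kept per pair of user identifier and client coding information, so a later login from a client with the same code invalidates the earlier one. The names `TicketStore`, `CLIENT_CODES`, `TICKET_TTL`, `SERVER_KEY` and all sample values are assumptions, and an HMAC-SHA256 signature from the standard library stands in for the asymmetric encryption named in claim 6.

```python
import base64, hashlib, hmac, json

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held only by the server
CLIENT_CODES = {"android": "APP", "ios": "APP", "chrome": "WEB"}  # claim 5 mapping (constructed)
TICKET_TTL = {"APP": 3600, "WEB": 900}  # per-code expiration in seconds (claim 4, constructed)

def _sign(body: str) -> str:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

class TicketStore:
    def __init__(self):
        self.db = {}  # (user_id, client_code) -> the one valid ticket

    def login(self, user_id, client_info, created_at):
        """Call only after the login request has been verified (claim 1)."""
        code = CLIENT_CODES[client_info]
        # Claim 6 builds the ticket from user id + request creation time only, so two
        # logins with the same timestamp yield the same ticket; a nonce would avoid that.
        raw = json.dumps({"uid": user_id, "ts": created_at}).encode()
        body = base64.urlsafe_b64encode(raw).decode()
        ticket = f"{body}.{_sign(body)}"
        self.db[(user_id, code)] = ticket  # replaces an existing ticket or stores a new one
        return ticket

    def access(self, ticket, client_info, now):
        code = CLIENT_CODES.get(client_info)
        body, _, sig = ticket.partition(".")
        if code is None or not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return "rejected: invalid ticket"
        claims = json.loads(base64.urlsafe_b64decode(body))
        current = self.db.get((claims["uid"], code), "")
        if not hmac.compare_digest(current.encode(), ticket.encode()):
            return "rejected: logged out"  # claim 2: a newer login replaced this ticket
        if now - claims["ts"] > TICKET_TTL[code]:
            return "rejected: expired"     # claim 4
        return "ok"                        # claim 3

def demo():
    store = TicketStore()
    t_old = store.login("u1001", "android", created_at=1000)
    t_web = store.login("u1001", "chrome", created_at=1005)
    t_new = store.login("u1001", "ios", created_at=1010)  # same code as android
    return [store.access(t_old, "android", now=1020),
            store.access(t_new, "ios", now=1020),
            store.access(t_web, "chrome", now=1020),
            store.access(t_web, "chrome", now=1906)]
```

The web ticket survives the second app login because its coding information differs, which is the per-code mutual exclusion the claims describe.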

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110215661.6A CN112948783A (en) 2021-02-26 2021-02-26 Client login management method, device, server and storage medium

Publications (1)

Publication Number Publication Date
CN112948783A (en) 2021-06-11

Family

ID=76246359

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110215661.6A Pending CN112948783A (en) 2021-02-26 2021-02-26 Client login management method, device, server and storage medium

Country Status (1)

Country Link
CN (1) CN112948783A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113377302A (en) * 2021-06-16 2021-09-10 苏州博瑞凯德信息技术有限公司 Passive login method and device for printer, storage medium and electronic equipment

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103634316A (en) * 2013-11-26 2014-03-12 乐视网信息技术(北京)股份有限公司 Account login method and electronic equipment
US20140181944A1 (en) * 2012-12-26 2014-06-26 Cellco Partnership D/B/A Verizon Wireless Single sign-on for a native application and a web application on a mobile device
CN104917727A (en) * 2014-03-12 2015-09-16 中国移动通信集团福建有限公司 Account authentication method, system and apparatus
CN105450637A (en) * 2015-11-09 2016-03-30 歌尔声学股份有限公司 Single sign-on method and device for multiple application systems
CN107147644A (en) * 2017-05-10 2017-09-08 四川长虹电器股份有限公司 It is a kind of to realize the method that mobile APP user logs in single equipment
US20170295159A1 (en) * 2016-04-06 2017-10-12 Bank Of America Corporation Authenticating Clients Using Tokens
CN107404488A (en) * 2017-08-07 2017-11-28 上海斐讯数据通信技术有限公司 A kind of same application multi-terminal equipment mutual exclusion method and device
CN108848113A (en) * 2018-08-15 2018-11-20 广州视源电子科技股份有限公司 Client device log-in control method, device, storage medium and server
US10356053B1 (en) * 2014-12-12 2019-07-16 Charles Schwab & Co., Inc. System and method for allowing access to an application or features thereof on each of one or more user devices
CN110691087A (en) * 2019-09-29 2020-01-14 北京搜狐新媒体信息技术有限公司 Access control method, device, server and storage medium
US10931691B1 (en) * 2017-10-09 2021-02-23 F5 Networks, Inc. Methods for detecting and mitigating brute force credential stuffing attacks and devices thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination