CN114218513A - Method for automatically renewing a token at the web front end - Google Patents

Method for automatically renewing a token at the web front end

Info

Publication number
CN114218513A
CN114218513A
Authority
CN
China
Prior art keywords
token
access
session
identification field
page
Prior art date
Legal status
Pending
Application number
CN202111542280.5A
Other languages
Chinese (zh)
Inventor
员灿琴
张建伟
宋亚萍
Current Assignee
Inspur Cloud Information Technology Co Ltd
Original Assignee
Inspur Cloud Information Technology Co Ltd
Priority date
2021-12-16
Filing date
2021-12-16
Publication date
2022-03-22
2021-12-16: Application filed by Inspur Cloud Information Technology Co Ltd
2021-12-16: Priority to CN202111542280.5A
2022-03-22: Publication of CN114218513A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Medical Informatics (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method by which a web front end automatically renews a token. It relates to the technical field of access control and comprises the following steps: the user logs in through the browser, and when the user sends an interface request to the back end through the front end, the back end returns an access_token, a refresh_token and the longest session idle time; the front end stores the returned information and sets a login-valid identification field in a cookie; a uniform method is defined at the front end to judge whether the session has timed out: if it has, a logout is performed, and if it has not, the method goes on to judge whether the access_token needs to be renewed; after the front end sends an interface request to the back end, the front-end method judges whether the session has timed out, page events are monitored, and the judgement is repeated whenever the user interacts with the page; a timer monitors the login-valid identification field in the cookie and performs a logout when the field is no longer valid; and a logout identification field is set in localStorage and monitored, so that other pages of the same domain open in the browser log out synchronously. The invention renews the access_token automatically within the session validity period and improves the user experience.

Description

Method for automatically renewing a token at the web front end
Technical Field
The invention relates to the technical field of access control, in particular to a method by which a web front end automatically renews a token.
Background
For the independent deployment of multiple products on a cloud platform, the platform uses single sign-on to link several sub-platforms together, providing unified login authentication and authorized access and lowering the access barriers between products. In this scheme the identity-authentication session data (access_token, refresh_token, longest session idle time and so on) is stored on the client, where the refresh_token serves as the credential for refreshing the access_token. The tokens must be stored safely at the web front end, and the poor user experience caused by loss of interface authorization after the access_token expires must be solved.
Disclosure of Invention
In view of the needs and shortcomings of the prior art, the invention provides a method by which the web front end automatically renews the token, so that renewal is convenient, the session validity of front end and back end stays synchronized, and the poor user experience caused by loss of interface authorization after the access_token expires is solved.
The method disclosed by the invention adopts the following technical scheme to solve the technical problems:
A method for automatically renewing a token at the web front end comprises the following implementation process:
Step S1: the user logs in through the browser and jumps between several independent sub-platforms via links, or refreshes the current page.
Step S2: when the user sends an interface request to the back end through the front end, the back end returns the access_token, the refresh_token and the longest session idle time to the front end.
Step S3: the front end saves the information returned by the back end and sets a login-valid identification field in the browser cookie, the validity period of which is the longest session idle time returned by the back end.
Step S4: a uniform method is defined in the front-end service to judge whether the session has timed out: if it has, a logout is performed; if the session is still valid, the method goes on to judge whether the access_token needs to be renewed.
Step S5: after the front end sends an interface request to the back end, the uniform method of step S4 judges whether the session has timed out; at the same time page events are monitored, and whenever the user interacts with the front-end page the uniform method of step S4 is run again.
Step S6: a setInterval timer is set at the front end to monitor the login-valid identification field in the cookie periodically, and a logout is performed when the field is no longer valid.
Step S7: when a logout is performed, a logout identification field is set in localStorage, and other pages of the same domain open in the browser log out synchronously by monitoring that field.
Optionally, the refresh_token is used to renew the access_token, and the refresh_token is valid for longer than the access_token.
Further optionally, the access_token and refresh_token returned by the back end to the front end are held in front-end code and are not exposed in the browser cookie.
Optionally, whether the access_token needs to be renewed is judged as follows:
it is judged whether the time remaining until the access_token expires is less than a threshold B;
if it is less than threshold B, the page shows a prompt that the current token has expired and the page must be refreshed; after the user confirms, the page is refreshed and the flow returns to step S2;
if it is greater than threshold B, it is further judged whether it is less than a larger threshold C; if so, a renewal request is sent to the back end and the refresh_token is exchanged for a new access_token and a new refresh_token.
Further optionally, when step S4 judges whether the session has timed out, the current access time is recorded and compared with the previous access time; only if the interval between the two accesses is greater than threshold B is it further judged whether the access_token needs to be renewed.
Further optionally, in step S5, after the front end sends an interface request to the back end and step S4 finds that the session has not timed out, the current access_token is added to the request header.
Further optionally, in step S5, before page events are monitored, the specified click event and visibilitychange event are registered on the EventTarget; when either event fires, a callback runs step S4 to judge whether the session has timed out, and then logs out or renews the token accordingly.
Optionally, when the setInterval timer is set at the front end, its interval is equal to threshold B.
Optionally, the logout operation proceeds as follows:
first, the setInterval timer checks whether the login-valid identification field in the cookie is still valid; if it is, the field is deleted from the cookie and at the same time the logout identification field in localStorage is modified, which completes the logout of the current page;
then, since the front end monitors page events, the other pages of the same domain open in the browser log out synchronously when they see the localStorage logout identification field change.
Compared with the prior art, the method by which the web front end automatically renews the token has the following beneficial effects:
(1) the access_token is renewed automatically within the session validity period, and the browser session is logged out automatically once the longest session idle time is exceeded, so the front end no longer runs past the idle limit and receives 401 errors; the user experience improves while the session validity periods of front end and back end stay synchronized;
(2) the access_token is not exposed in the browser cookie, which prevents the token from being stolen from the cookie, and the refresh_token can renew the access_token, effectively extending the access validity of the session.
Drawings
FIG. 1 is a flow chart of the access_token renewal of the present invention;
FIG. 2 is a flow chart of the logout operation of the present invention.
Detailed Description
In order to make the technical scheme, the technical problems solved and the technical effects of the present invention clearer, the technical scheme of the invention is described completely below with reference to specific embodiments.
The first embodiment is as follows:
This embodiment provides a method by which a web front end automatically renews a token, comprising the following implementation process:
Step S1: the user logs in through the browser and jumps between several independent sub-platforms via links, or refreshes the current page.
Step S2: when the user sends an interface request to the back end through the front end, the back end returns the access_token, the refresh_token and the longest session idle time to the front end.
The refresh_token is used to renew the access_token, and the refresh_token is valid for longer than the access_token.
The access_token and refresh_token returned by the back end to the front end are held in front-end code and are not exposed in the browser cookie.
Step S3: the front end saves the information returned by the back end and sets a login-valid identification field in the browser cookie, the validity period of which is the longest session idle time returned by the back end.
Step S4: a uniform method is defined in the front-end service to judge whether the session has timed out:
if the session has timed out, a logout is performed;
if the session is still valid, the method goes on to judge whether the access_token needs to be renewed; with reference to FIG. 1, this is done as follows:
it is judged whether the time remaining until the access_token expires is less than a threshold B;
if it is less than threshold B, the page shows a prompt that the current token has expired and the page must be refreshed; after the user confirms, the page is refreshed and the flow returns to step S2;
if it is greater than threshold B, it is further judged whether it is less than a larger threshold C; if so, a renewal request is sent to the back end and the refresh_token is exchanged for a new access_token and a new refresh_token.
In addition, when step S4 judges whether the session has timed out, the current access time is recorded and compared with the previous access time; only if the interval between the two accesses is greater than threshold B is it further judged whether the access_token needs to be renewed.
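The step S4 decision above, as an added example in JavaScript that is not part of the patent or of Inspur's code. It keeps the tokens in a plain in-memory store (claim 3) and models the two thresholds exactly as described: below B the user is prompted to reload, between B and C the refresh_token is exchanged silently, and an access that follows the previous one within B skips the check altogether (claim 5). The field names, the threshold values and the `refreshTokens` callback standing in for the back end's renewal interface are assumptions. One caveat the text does not spell out: holding tokens only in JavaScript memory keeps them out of cookies and localStorage, so the browser never attaches them to cross-site requests and they do not survive a reload (which is why step S2 re-issues them on refresh), but any script running in the page, for instance through an XSS flaw, can still read them.

```javascript
// Added example (not the patent's code): the step S4 decision logic with the
// patent's thresholds B and C. Times are milliseconds since the epoch. The field
// names accessTokenExpiresAt, lastAccessAt and maxIdleMs are assumptions.

const DEFAULT_THRESHOLDS = { B: 60 * 1000, C: 5 * 60 * 1000 }; // B < C; values assumed

/**
 * Decide what the front end must do before sending an interface request.
 * Returns { action, reason } with action one of
 * 'logout', 'prompt-refresh', 'silent-refresh', 'none'.
 */
function decideTokenAction(state, now, thresholds = DEFAULT_THRESHOLDS) {
  const { B, C } = thresholds;
  if (!(B < C)) throw new RangeError('threshold B must be smaller than threshold C');

  // Session timeout: idle for longer than the back end's longest session idle time.
  const idleMs = now - state.lastAccessAt;
  if (idleMs > state.maxIdleMs) {
    return { action: 'logout', reason: 'longest session idle time exceeded' };
  }

  // Claim 5: only re-evaluate the token when the gap since the previous access
  // exceeds B, so a burst of requests does not trigger repeated checks.
  if (idleMs <= B) {
    return { action: 'none', reason: 'checked within threshold B' };
  }

  const remainingMs = state.accessTokenExpiresAt - now;
  if (remainingMs < B) {
    // Too close to expiry to renew safely: prompt the user to reload (step S2 re-runs).
    return { action: 'prompt-refresh', reason: 'access_token about to expire' };
  }
  if (remainingMs < C) {
    // Inside the silent-renewal window: exchange refresh_token for new tokens.
    return { action: 'silent-refresh', reason: 'access_token inside refresh window' };
  }
  return { action: 'none', reason: 'access_token still fresh' };
}

// Claim 3: tokens live in memory only, never in document.cookie or localStorage.
function createTokenStore(initial) {
  const state = { ...initial };
  return {
    get: () => ({ ...state }),
    update: (patch) => { Object.assign(state, patch); },
  };
}

/**
 * Step S5: run before every interface request. `refreshTokens` is an assumed
 * back-end call that takes the current refresh_token and resolves to
 * { accessToken, refreshToken, accessTokenExpiresAt }. Resolves to the
 * Authorization header value, or null when the caller must log out or prompt.
 */
async function prepareRequest(store, now, refreshTokens, thresholds = DEFAULT_THRESHOLDS) {
  const decision = decideTokenAction(store.get(), now, thresholds);
  if (decision.action === 'logout' || decision.action === 'prompt-refresh') {
    return { decision, authorization: null };
  }
  if (decision.action === 'silent-refresh') {
    const fresh = await refreshTokens(store.get().refreshToken);
    store.update(fresh); // both tokens rotate (FIG. 1)
  }
  store.update({ lastAccessAt: now }); // record the current access time (claim 5)
  return { decision, authorization: `Bearer ${store.get().accessToken}` };
}

// Demo with constructed values: token issued at t=0 and valid 1000 s, idle limit 30 min.
const demoState = { accessTokenExpiresAt: 1_000_000, lastAccessAt: 0, maxIdleMs: 1_800_000 };
for (const now of [30_000, 100_000, 800_000, 950_000, 2_000_000]) {
  console.log(now, decideTokenAction(demoState, now));
}
```

`decideTokenAction` is pure, so it can be unit-tested without a browser; `prepareRequest` is the piece to call from a request interceptor, attaching the returned `Authorization` value to the request (claim 6) or routing to the logout or prompt path when it is null.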
Step S5: after the front end sends an interface request to the back end, the uniform method of step S4 judges whether the session has timed out; at the same time page events are monitored, and whenever the user interacts with the front-end page the uniform method of step S4 is run again.
After the front end sends an interface request to the back end, if step S4 finds that the session has not timed out, the current access_token is added to the request header.
Before page events are monitored, the specified click event and visibilitychange event are registered on the EventTarget; when either event fires, a callback runs step S4 to judge whether the session has timed out, and then logs out or renews the token accordingly.
Step S6: a setInterval timer is set at the front end to monitor the login-valid identification field in the cookie periodically, and a logout is performed when the field is no longer valid.
When the setInterval timer is set at the front end, its interval is equal to threshold B.
Step S7, the logout operation, proceeds as follows with reference to FIG. 2:
first, the setInterval timer checks whether the login-valid identification field in the cookie is still valid; if it is, the field is deleted from the cookie and at the same time the logout identification field in localStorage is modified, which completes the logout of the current page;
then, since the front end monitors page events, the other pages of the same domain open in the browser log out synchronously when they see the localStorage logout identification field change.
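The cookie flag, the setInterval watcher and the cross-tab logout of steps S3, S5, S6 and S7, as an added example in JavaScript that is not the patent's or Inspur's code. The browser globals are reached through a small `env` object so the same guard logic can run in Node against `createFakeBrowser()`, a constructed stand-in that shares one cookie jar and one localStorage between simulated tabs and delivers the `storage` event only to the other tabs, as browsers do. The cookie name `login_valid`, the localStorage key `logout_at`, and re-arming the idle window on a click are assumptions. The cookie carries only a flag and the localStorage entry only a timestamp, so neither exposes a token; the setInterval poll is needed because a cookie's expiry is not observable as an event, and the `storage` event is what makes the same-domain logout synchronous without a server round trip.

```javascript
// Added example (not the patent's code): steps S3, S5, S6 and S7. Browser APIs
// (document.cookie, localStorage, window events, setInterval) sit behind an `env`
// object so the logic runs in Node; createFakeBrowser() is a constructed stand-in.

const LOGIN_FLAG = 'login_valid'; // cookie name (assumption); holds a flag, no secret
const LOGOUT_KEY = 'logout_at';   // localStorage key (assumption); holds a timestamp

function createSessionGuard(env, { maxIdleMs, checkEveryMs, onLogout }) {
  let loggedOut = false;
  let timer = null;
  // Step S3: the login-valid flag is a cookie whose lifetime equals the back end's
  // longest session idle time. The tokens themselves never go into it.
  function markActive() {
    if (!loggedOut) env.setCookie(LOGIN_FLAG, '1', env.now() + maxIdleMs);
  }
  // Idempotent local logout of this tab: stop polling and notify the caller once.
  function finish(reason) {
    if (loggedOut) return;
    loggedOut = true;
    env.clearInterval(timer);
    onLogout(reason);
  }
  // Step S7: delete the flag and write a logout marker to localStorage; the browser
  // delivers a `storage` event to every other same-origin tab, which logs out too.
  function logout(reason) {
    if (loggedOut) return;
    env.deleteCookie(LOGIN_FLAG);
    env.storage.setItem(LOGOUT_KEY, String(env.now()));
    finish(reason);
  }
  // Step S6: poll the flag; an expired cookie means the session idled out.
  function check() {
    if (loggedOut) return false;
    if (env.getCookie(LOGIN_FLAG) === null) { logout('login flag expired'); return false; }
    return true;
  }
  // Step S5: click and visibilitychange re-run the check; a click also re-arms the
  // idle window (re-arming on interaction is an assumption of this example).
  env.on('click', () => { if (check()) markActive(); });
  env.on('visibilitychange', () => { check(); });
  env.on('storage', (e) => { if (e.key === LOGOUT_KEY) finish('logout in another tab'); });
  timer = env.setInterval(check, checkEveryMs);
  markActive();
  return { markActive, logout, check, isLoggedOut: () => loggedOut };
}

// Constructed browser stand-in: shared cookie jar with expiry, shared localStorage
// that fires `storage` in the *other* tabs, per-tab listeners and interval timers,
// and a virtual clock advanced by advance(ms).
function createFakeBrowser(start = 0) {
  let clock = start;
  const cookies = new Map(); // name -> { value, expiresAt }
  const storage = new Map();
  const tabs = [];

  function openTab() {
    const listeners = {};
    const timers = [];
    const tab = { timers, fire: (evt, e) => (listeners[evt] || []).forEach((fn) => fn(e)) };
    tab.env = {
      now: () => clock,
      setCookie: (name, value, expiresAt) => { cookies.set(name, { value, expiresAt }); },
      getCookie: (name) => { const c = cookies.get(name); return c && c.expiresAt > clock ? c.value : null; },
      deleteCookie: (name) => { cookies.delete(name); },
      storage: {
        getItem: (k) => (storage.has(k) ? storage.get(k) : null),
        setItem: (k, v) => {
          storage.set(k, v);
          tabs.filter((t) => t !== tab).forEach((t) => t.fire('storage', { key: k, newValue: v }));
        },
      },
      on: (evt, fn) => { (listeners[evt] = listeners[evt] || []).push(fn); },
      setInterval: (fn, ms) => { const t = { fn, ms, next: clock + ms }; timers.push(t); return t; },
      clearInterval: (t) => { const i = timers.indexOf(t); if (i >= 0) timers.splice(i, 1); },
    };
    tabs.push(tab);
    return tab;
  }

  function advance(ms) {
    const target = clock + ms;
    for (;;) { // fire due timers of all tabs in time order
      let due = null;
      for (const t of tabs) for (const tm of t.timers) if (tm.next <= target && (!due || tm.next < due.next)) due = tm;
      if (!due) break;
      clock = due.next; due.next += due.ms; due.fn();
    }
    clock = target;
  }
  return { openTab, advance, now: () => clock };
}

// Demo with constructed values: two tabs, 30 min idle limit, 1 min poll.
const demo = createFakeBrowser();
const tabA = demo.openTab(), tabB = demo.openTab();
for (const [name, tab] of [['A', tabA], ['B', tabB]]) {
  createSessionGuard(tab.env, { maxIdleMs: 1_800_000, checkEveryMs: 60_000, onLogout: (r) => console.log(`tab ${name}: ${r}`) });
}
demo.advance(600_000); tabA.fire('click'); // activity at 10 min re-arms the window
demo.advance(2_100_000);                   // 45 min: flag expired at 40 min, both tabs log out
```

In a real page the `env` adapter would read and write `document.cookie` with an `expires` or `max-age` attribute, use `window.localStorage`, and register the handlers with `document.addEventListener('click', ...)`, `document.addEventListener('visibilitychange', ...)` and `window.addEventListener('storage', ...)`; the guard itself does not change.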
In summary, the method by which the web front end automatically renews the token renews the access_token automatically within the session validity period and logs the browser session out automatically once the longest session idle time is exceeded, so the front end no longer runs past the idle limit and receives 401 errors; the user experience improves while the session validity periods of front end and back end stay synchronized.
The principles and embodiments of the present invention have been described using specific examples, which are provided only to aid understanding of the core technical content of the invention. Improvements and modifications made by those skilled in the art on the basis of the above embodiments, without departing from the principle of the invention, fall within the protection scope of the invention.

Claims (9)

1. A method for automatically renewing a token at the web front end, characterized by comprising the following implementation process:
Step S1: the user logs in through the browser and jumps between several independent sub-platforms via links, or refreshes the current page;
Step S2: when the user sends an interface request to the back end through the front end, the back end returns the access_token, the refresh_token and the longest session idle time to the front end;
Step S3: the front end saves the information returned by the back end and sets a login-valid identification field in the browser cookie, the validity period of which is the longest session idle time returned by the back end;
Step S4: a uniform method is defined in the front-end service to judge whether the session has timed out: if it has, a logout is performed; if the session is still valid, the method goes on to judge whether the access_token needs to be renewed;
Step S5: after the front end sends an interface request to the back end, the uniform method of step S4 judges whether the session has timed out; at the same time page events are monitored, and whenever the user interacts with the front-end page the uniform method of step S4 is run again;
Step S6: a setInterval timer is set at the front end to monitor the login-valid identification field in the cookie periodically, and a logout is performed when the field is no longer valid;
and Step S7: when a logout is performed, a logout identification field is set in localStorage, and other pages of the same domain open in the browser log out synchronously by monitoring that field.
2. The method according to claim 1, wherein the refresh_token is used to renew the access_token, and the refresh_token is valid for longer than the access_token.
3. The method according to claim 2, wherein the access_token and refresh_token returned by the back end to the front end are held in front-end code and are not exposed in the browser cookie.
4. The method according to claim 1, wherein whether the access_token needs to be renewed is judged as follows:
it is judged whether the time remaining until the access_token expires is less than a threshold B;
if it is less than threshold B, the page shows a prompt that the current token has expired and the page must be refreshed; after the user confirms, the page is refreshed and the flow returns to step S2;
and if it is greater than threshold B, it is further judged whether it is less than a larger threshold C; if so, a renewal request is sent to the back end and the refresh_token is exchanged for a new access_token and a new refresh_token.
5. The method according to claim 4, wherein when step S4 judges whether the session has timed out, the current access time is recorded and compared with the previous access time, and only if the interval between the two accesses is greater than threshold B is it further judged whether the access_token needs to be renewed.
6. The method according to claim 5, wherein in step S5, after the front end sends the interface request to the back end and step S4 finds that the session has not timed out, the current access_token is added to the request header.
7. The method according to claim 5, wherein in step S5, before page events are monitored, the specified click event and visibilitychange event are registered on the EventTarget; when either event fires, a callback runs step S4 to judge whether the session has timed out, and then logs out or renews the token accordingly.
8. The method according to claim 4, wherein when the setInterval timer is set at the front end, its interval is equal to threshold B.
9. The method according to claim 1, wherein the logout operation proceeds as follows:
first, the setInterval timer checks whether the login-valid identification field in the cookie is still valid; if it is, the field is deleted from the cookie and at the same time the logout identification field in localStorage is modified, which completes the logout of the current page;
and then, since the front end monitors page events, the other pages of the same domain open in the browser log out synchronously when they see the localStorage logout identification field change.
Application CN202111542280.5A, priority date 2021-12-16, filing date 2021-12-16: Method for automatically renewing a token at the web front end. Status: pending. Publication CN114218513A (en).

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202111542280.5A | 2021-12-16 | 2021-12-16 | Method for automatically renewing a token at the web front end

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202111542280.5A | 2021-12-16 | 2021-12-16 | Method for automatically renewing a token at the web front end

Publications (1)

Publication Number | Publication Date
CN114218513A (en) | 2022-03-22

Family

ID=80702817

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202111542280.5A (pending) | Method for automatically renewing a token at the web front end | 2021-12-16 | 2021-12-16

Country Status (1)

Country | Link
CN (1) | CN114218513A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN115442437A * | 2022-11-07 | 2022-12-06 | 北京智象信息技术有限公司 | Token expiration automatic renewal authentication method, device, equipment and medium
CN115442437B * | 2022-11-07 | 2023-03-28 | 北京智象信息技术有限公司 | Token expiration automatic renewal authentication method, device, equipment and medium


Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination