CN114389817A - Method and device for transmitting user session data shared among multiple servers

Publication number: CN114389817A
Authority: CN (China)
Prior art keywords: data, session, original data, encrypted, signature
Legal status: Pending
Application number: CN202111593015.XA
Other languages: Chinese (zh)
Inventors: 黄庠魁, 杨梅, 唐汉城, 潘路平, 马稼明
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by: China Telecom Corp Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses a method and a device for transmitting user session data shared among multiple servers, which are used for realizing the storage and management of distributed session data independent of server-side cache. The application provides a method for transmitting user session data shared among multiple servers, which comprises the following steps: acquiring original data of a user session shared among multiple servers; packaging the original data, generating and sending packaged session data, wherein the packaged session data comprises the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data.

Description

Method and device for transmitting user session data shared among multiple servers
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a method and an apparatus for transmitting user session data shared among multiple servers.
Background
The following description of background art may include insights, discoveries, understandings or disclosures or associations of at least some examples of embodiments of the application, and disclosures not known to the relevant prior art but provided by the application. Some such contributions of the application may be specifically pointed out below, whereas other such contributions of the application will be apparent from the relevant context.
A stateless service is a service with no special state: the server processes every request uniformly and without distinction, each request carries all the parameters the server needs, and the server stores no data related to the request (information stored in a database is not included).
Stateless services handle a single request independently of other requests, i.e. all the information required to handle a request is either contained in the request or is available externally (e.g. in a database), and the server itself does not store any information.
Redis (Remote Dictionary Server) is an open-source, log-type key-value database written in ANSI C. It supports networking, can be memory-based or persistent, and provides APIs for multiple languages.
In WEB development, since state information accessed by a user, that is, user session (session) data, needs to be recorded, session data needs to be implemented on a server side to store the state information of the currently accessed user. At present, a common method is to store the state information of a user in a memory of a server, and when the user accesses, the server obtains the state information of the user from the memory to perform operations such as management and access control.
The existing session data implementation scheme works well with a single service. However, with multiple services, or in a scenario requiring load balancing, session data migration has to be implemented on the server side, or session data has to be stored and managed in a third-party cache such as Redis. These schemes suffer from complex management of synchronized session data migration and, under high concurrency, from contention for data synchronization locks when accessing the centralized third-party cache.
Disclosure of Invention
The embodiment of the application provides a method and a device for transmitting user session data shared among multiple servers, which are used for realizing the storage and management of distributed session data independent of server-side cache.
At a data sending end, a method for transmitting user session data shared among multiple servers provided by an embodiment of the present application includes:
acquiring original data of a user session shared among multiple servers;
packaging the original data, generating and sending packaged session data, wherein the packaged session data comprises the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data.
By this method, the original data of the user session shared among the multiple servers is encapsulated, and the encapsulated session data that is generated and sent comprises the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data. Distributed session data storage and management that is independent of the server-side cache is thereby realized: one server can store the session data in the client (that is, the browser), and when another server is accessed, that server can obtain the session data through the client and decrypt, verify, modify or otherwise process it.
Optionally, the signature data is obtained by calculating the encrypted data and the original data by using a preset signature algorithm.
Optionally, the encapsulated session data further includes a data header.
Optionally, the encrypted data used for generating the signature data is randomly generated data.
Optionally, the encrypted original data is obtained by compressing the original data and then encrypting the compressed original data, where the used encryption key is an encryption key shared among the multiple servers.
At a data receiving end, a method for transmitting user session data shared among multiple servers provided by an embodiment of the present application includes:
receiving encapsulated session data, wherein the encapsulated session data are obtained by encapsulating original data of user sessions shared among multiple servers; the encapsulated session data includes the following: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data;
and de-encapsulating the encapsulated session data.
Optionally, the decapsulating processing is performed on the encapsulated session data, and specifically includes:
decrypting the encrypted original data by adopting an encryption key shared among the multiple servers to obtain original data;
and generating signature data by adopting the encrypted data for generating the signature data and the original data obtained by decryption, and comparing whether the generated signature data is consistent with the signature data in the packaged session data.
The transmission device for user session data shared among multiple servers provided by the embodiment of the application comprises:
an acquisition unit configured to acquire original data of a user session shared among multiple servers;
an encapsulating unit, configured to perform encapsulation processing on the original data, generate and send encapsulated session data, where the encapsulated session data includes the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data.
The transmission device for user session data shared among multiple servers provided by the embodiment of the application comprises:
a receiving unit, configured to receive encapsulated session data, where the encapsulated session data is obtained by encapsulating original data of a user session shared among multiple servers; the encapsulated session data includes the following: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data;
and the decapsulation unit is used for decapsulating the encapsulated session data.
Optionally, the method further comprises:
an acquisition unit configured to acquire original data of a user session shared among multiple servers;
the encapsulation unit is used for encapsulating the original data acquired by the acquisition unit, generating and sending encapsulated session data, and the encapsulated session data comprises the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data.
Another embodiment of the present application provides a computing device, which includes a memory and a processor, wherein the memory is used for storing program instructions, and the processor is used for calling the program instructions stored in the memory and executing any one of the above methods according to the obtained program.
Furthermore, according to an embodiment, for example, a computer program product for a computer is provided, which comprises software code portions for performing the steps of the method as defined above, when said product is run on a computer. The computer program product may include a computer-readable medium having software code portions stored thereon. Further, the computer program product may be directly loaded into an internal memory of the computer and/or transmitted via a network through at least one of an upload process, a download process, and a push process.
Another embodiment of the present application provides a computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform any one of the methods described above.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for transmitting user session data shared among multiple servers at a sending end according to an embodiment of the present application;
fig. 2 is a schematic diagram of a session data format provided in the embodiment of the present application;
fig. 3 is a schematic flowchart of a method for transmitting user session data shared among multiple servers at a receiving end according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a transmission apparatus for user session data shared among multiple servers at a sending end according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a transmission apparatus for user session data shared among multiple servers at a receiving end according to an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of a device for transmitting user session data shared among multiple servers according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a method and a device for transmitting user session data shared among multiple servers, which are used for realizing the storage and management of distributed session data independent of server-side cache.
The method and the device are based on the same application concept, and because the principles of solving the problems of the method and the device are similar, the implementation of the device and the method can be mutually referred, and repeated parts are not repeated.
The terms "first," "second," and the like in the description and in the claims of the embodiments of the application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The following examples and embodiments are to be understood as merely illustrative examples. Although this specification may refer to "an", "one", or "some" example or embodiment(s) in several places, this does not imply that each such reference relates to the same example or embodiment, nor that the feature only applies to a single example or embodiment. Individual features of different embodiments may also be combined to provide other embodiments. Furthermore, terms such as "comprising" and "comprises" should be understood as not limiting the described embodiments to consist of only those features that have been mentioned; such examples and embodiments may also include features, structures, elements, modules, etc. not specifically mentioned.
Various embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that the display sequence of the embodiment of the present application only represents the sequence of the embodiment, and does not represent the merits of the technical solutions provided by the embodiments.
Referring to fig. 1, a method for transmitting user session data shared among multiple servers according to an embodiment of the present application includes:
S101, acquiring original data of a user session shared among multiple servers;
S102, packaging the original data, generating and sending packaged session data, wherein the packaged session data comprises the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data.
Optionally, the encapsulated session data further includes a data header.
For example, referring to fig. 2, the embodiment of the present application defines a storage format of session data. The original data comprises a magic and a session, wherein the magic is variable-length data generated randomly and is used for data confusion or later expansion. session is actual user session data, and how to organize the data is determined by an application developer, for example, data content obtained by serializing a Java object using a Java serializing operation.
That is to say, the encapsulated session data described in the embodiment of the present application includes, for example, the following four segments:
First segment of data: fixed English letters, shown here enclosed in quotation marks. For example, "telecommunications session" (without the quotation marks) indicates that the data content is a telecommunications session.
"telecommunications session" is fixed data content, set for compatibility with Set-Cookie, and is used to identify the data content that follows.
Second segment of data:
m represents the data obtained by Base64-encoding the magic data, and is used later to check the actual session data.
The magic ensures that the same plaintext session content yields different ciphertext content, which enhances the security of the session data and prevents a third party from guessing the content of the whole format.
Third segment of data:
sign represents the data obtained by performing the SM3 signature operation on the concatenation of the magic data and the session data. Because the signed data is binary, it is Base64-encoded to facilitate transmission.
The sign is a signature over the data; it guarantees that the session data is not tampered with or damaged by a third party during transmission, which ensures the reliability and security of the session content.
Fourth segment of data:
frame represents the data content obtained by compressing the session data, encrypting it with SM4 and encoding the result with Base64. The key used for SM4 encryption is an SM4 key shared by all servers.
SM4 encryption is applied to the session so that its content is not known to a third party during transmission and is invisible to the client.
The content of the session may be implemented by each platform according to its own server-side implementation; the serialized data of the session is referred to here as the session. Because the content of the session must be kept secret from the client and must not be tampered with, it is assumed that the servers sharing the session data all share a common secret key.
The final encapsulated data is formed by splicing the four segments in the order shown in fig. 2. Except between the first two segments, the segments are separated by English characters as shown in fig. 2, which distinguish the segments so that a receiving end can conveniently decapsulate the data and obtain each segment.
In summary, as shown in fig. 2, the session data starts with a fixed character string "teleotherwise"; next comes the content m, that is, the Base64-encoded magic data, followed by a fixed character "."; next comes the data obtained by signing the concatenation of the magic data and the session data with the SM3 algorithm, followed by the fixed character "."; and last comes the session data content SD, compressed by gzip and encrypted with SM4.
The server at the sending end can return the encapsulated session data directly to the browser through the HTTP Set-Cookie header. The browser handles the session data automatically and carries it to another server each time it requests service. That server only needs to decrypt and verify the data according to the cryptographic rules to provide the session function that was originally implemented on the server side.
Accordingly, at a receiving end, referring to fig. 3, an embodiment of the present application provides a method for transmitting user session data shared among multiple servers, including:
S201, receiving encapsulated session data, wherein the encapsulated session data are obtained by encapsulating original data of user sessions shared among multiple servers; the encapsulated session data includes the following: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data;
S202, decapsulating the encapsulated session data.
For example, in the format shown in fig. 2, the data contents are read in sequence from back to front, and integrity verification is performed.
Optionally, the decapsulating processing is performed on the encapsulated session data, and specifically includes:
decrypting the encrypted original data by adopting an encryption key shared among the multiple servers to obtain original data;
and generating signature data by adopting the encrypted data for generating the signature data and the original data obtained by decryption, and comparing whether the generated signature data is consistent with the signature data in the packaged session data. For example, if the two are consistent, the data is complete and has not been tampered with; if they are not consistent, the data can be discarded, or the failure can be fed back to the sending end so that the sending end can resend the data.
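The four-segment format and the back-to-front decapsulation described above, as an added example that is not code from the patent. The header string, the "." separator, the size cap and the stand-in cipher used in place of SM4 are assumptions; SM3 is used only when the local hashlib build offers it, with SHA-256 as a stand-in otherwise.

```python
import base64
import gzip
import hashlib
import hmac
import secrets
import zlib

PREFIX = "SESSIONHDR"     # placeholder for the fixed first segment (constructed)
SEP = "."                 # assumed separator between the later segments
MAX_SESSION = 64 * 1024   # constructed cap on the decompressed session size


def digest(data: bytes) -> bytes:
    """SM3 if the local OpenSSL build provides it, otherwise SHA-256 as a stand-in."""
    try:
        h = hashlib.new("sm3")
    except ValueError:
        h = hashlib.sha256()
    h.update(data)
    return h.digest()


def standin_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for SM4 (NOT SM4): XOR with an HMAC-SHA256 counter keystream.
    Symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = (i // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + ctr, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def encapsulate(session: bytes, key: bytes, magic=None) -> str:
    """Build header + m + "." + sign + "." + frame from serialized session bytes."""
    if magic is None:
        # Variable-length random magic; the 8..16 byte range is an assumption.
        magic = secrets.token_bytes(8 + secrets.randbelow(9))
    sign = digest(magic + session)             # digest over magic || session
    # Assumption of the stand-in only: magic doubles as the cipher nonce.
    frame = standin_cipher(key, magic, gzip.compress(session))
    return PREFIX + b64(magic) + SEP + b64(sign) + SEP + b64(frame)


def decapsulate(token: str, key: bytes) -> bytes:
    """Return the session bytes, or raise ValueError if any check fails."""
    if not token.startswith(PREFIX):
        raise ValueError("missing header")
    # Read from back to front: frame, then sign, then what remains is m.
    parts = token[len(PREFIX):].rsplit(SEP, 2)
    if len(parts) != 3:
        raise ValueError("expected three segments after the header")
    # binascii.Error from strict Base64 decoding is a ValueError subclass.
    magic, sign, frame = (base64.b64decode(p, validate=True) for p in parts)
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)   # gzip container
    try:
        session = inflater.decompress(standin_cipher(key, magic, frame), MAX_SESSION)
    except zlib.error as exc:
        raise ValueError("corrupt frame") from exc
    if inflater.unconsumed_tail or not inflater.eof:
        raise ValueError("frame truncated or larger than MAX_SESSION")
    # Constant-time comparison of the recomputed digest with the received one.
    if not hmac.compare_digest(digest(magic + session), sign):
        raise ValueError("signature mismatch")
    return session
```

Because the digest is computed over the plaintext, the receiver has to decrypt and decompress before it can verify, which is why the size cap is enforced during decompression. The returned bytes should be deserialized only after `decapsulate` has returned without error.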
Therefore, the embodiment of the application has the following advantages:
By using the existing HTTP protocol standard, cross-server session data transmission is realized without depending on a complex, redundant cache management mechanism on the server side.
Compared with the traditional single-server session implementation, even if a user's requests migrate to other servers, the content of the session data can still be read by the new server.
Compared with synchronizing sessions through a third-party cache, the method avoids the trouble of setting up and managing the third-party cache, and under high concurrency requests do not have to wait on contended third-party cache locks or on I/O pressure.
Meanwhile, based on cryptographic protection, the encryption processing and the corresponding verification with the magic ensure that the session content is invisible and cannot be tampered with, and the scheme integrates seamlessly with the existing HTTP protocol without any additional modification or implementation on the browser side.
The following describes an apparatus or device provided in the embodiments of the present application, where technical features the same as or corresponding to those described in the above methods are explained or illustrated, and are not further described later.
Referring to fig. 4, an apparatus for transmitting user session data shared among multiple servers according to an embodiment of the present application includes:
an acquisition unit 11 for acquiring original data of a user session shared among multiple servers;
an encapsulating unit 12, configured to perform encapsulation processing on the original data, generate and send encapsulated session data, where the encapsulated session data includes the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data.
Optionally, the signature data is obtained by calculating the encrypted data and the original data by using a preset signature algorithm.
Optionally, the encapsulated session data further includes a data header.
Optionally, the encrypted data used for generating the signature data is randomly generated data.
Optionally, the encrypted original data is obtained by compressing the original data and then encrypting the compressed original data, where the used encryption key is an encryption key shared among the multiple servers.
Referring to fig. 5, an apparatus for transmitting user session data shared among multiple servers according to an embodiment of the present application includes:
a receiving unit 21, configured to receive encapsulated session data, where the encapsulated session data is obtained by encapsulating original data of a user session shared among multiple servers; the encapsulated session data includes the following: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data;
and a decapsulating unit 22, configured to decapsulate the encapsulated session data.
Optionally, the decapsulating processing is performed on the encapsulated session data, and specifically includes:
decrypting the encrypted original data by adopting an encryption key shared among the multiple servers to obtain original data;
and generating signature data by adopting the encrypted data for generating the signature data and the original data obtained by decryption, and comparing whether the generated signature data is consistent with the signature data in the packaged session data.
Optionally, the transmission device further includes a unit shown in fig. 4, that is:
an acquisition unit configured to acquire original data of a user session shared among multiple servers;
the encapsulation unit is used for encapsulating the original data acquired by the acquisition unit, generating and sending encapsulated session data, and the encapsulated session data comprises the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data.
That is, the transmission apparatus may be a transmitting side apparatus or a receiving side apparatus. The transmission device may be, for example, a server on the network side.
It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation. In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Referring to fig. 6, another apparatus for transmitting user session data shared among multiple servers according to an embodiment of the present application includes:
a memory 520 for storing program instructions;
a processor 500 for calling the program instructions stored in the memory, and executing, according to the obtained program:
acquiring original data of a user session shared among multiple servers;
packaging the original data, generating and sending packaged session data, wherein the packaged session data comprises the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data.
Optionally, the signature data is obtained by calculating the encrypted data and the original data by using a preset signature algorithm.
Optionally, the encapsulated session data further includes a data header.
Optionally, the encrypted data used for generating the signature data is randomly generated data.
Optionally, the encrypted original data is obtained by compressing the original data and then encrypting the compressed original data, where the used encryption key is an encryption key shared among the multiple servers.
When the transmission apparatus is used as a receiving end, the processor 500 is further configured to call the program instructions stored in the memory, and execute, according to the obtained program:
receiving encapsulated session data, wherein the encapsulated session data is obtained by encapsulating original data of a user session shared among multiple servers; the encapsulated session data includes the following: the encrypted original data, signature data used by a receiving end to verify the original data, and encrypted data used for generating the signature data;
and decapsulating the encapsulated session data.
Optionally, decapsulating the encapsulated session data specifically includes:
decrypting the encrypted original data by using an encryption key shared among the multiple servers to obtain the original data;
and generating signature data from the encrypted data used for generating the signature data and the original data obtained by decryption, and comparing whether the generated signature data is consistent with the signature data in the encapsulated session data.
A transceiver 510 for receiving and transmitting data under the control of the processor 500.
In Fig. 6, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits, in particular one or more processors represented by processor 500 and memory represented by memory 520. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art and therefore are not described further here. The bus interface provides an interface. The transceiver 510 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. The processor 500 is responsible for managing the bus architecture and general processing, and the memory 520 may store data used by the processor 500 in performing operations.
The processor 500 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or a Complex Programmable Logic Device (CPLD).
The embodiment of the present application provides a computing device, which may specifically be a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal Digital Assistant (PDA), and the like. The computing device may include a Central Processing Unit (CPU), memory, input/output devices, etc., the input devices may include a keyboard, mouse, touch screen, etc., and the output devices may include a Display device, such as a Liquid Crystal Display (LCD), a Cathode Ray Tube (CRT), etc.
The memory may include Read Only Memory (ROM) and Random Access Memory (RAM), and provides the processor with program instructions and data stored in the memory. In the embodiments of the present application, the memory may be used for storing a program of any one of the methods provided by the embodiments of the present application.
The processor is used for executing any one of the methods provided by the embodiment of the application according to the obtained program instructions by calling the program instructions stored in the memory.
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method of any of the above embodiments. The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Embodiments of the present application provide a computer-readable storage medium for storing computer program instructions for an apparatus provided in the embodiments of the present application, which includes a program for executing any one of the methods provided in the embodiments of the present application. The computer-readable storage medium may be a non-transitory computer-readable medium.
The computer-readable storage medium can be any available medium or data storage device that can be accessed by a computer, including but not limited to magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memory (NAND FLASH), Solid State Disks (SSDs)), etc.
It should be understood that:
the access technology through which entities in the communication network exchange traffic may be any suitable current or future technology, such as WLAN (wireless local area network), WiMAX (worldwide interoperability for microwave access), LTE-A, 5G, Bluetooth, infrared, etc.; in addition, embodiments may also apply wired technologies, e.g. IP-based access technologies, such as wired networks or fixed lines.
Embodiments suitable for implementation as software code or as part thereof and for operation using a processor or processing functionality are software-code independent and may be specified using any known or future developed programming language, such as a high-level programming language, e.g. Objective-C, C, C++, C#, Java, Python, JavaScript, or another scripting language, or a low-level programming language, such as machine language or assembler.
The implementation of the embodiments is hardware independent and may be implemented using any known or future developed hardware technology or any mixture thereof, such as a microprocessor or CPU (central processing unit), MOS (metal oxide semiconductor), CMOS (complementary MOS), BiMOS (bipolar MOS), BiCMOS (bipolar CMOS), ECL (emitter coupled logic) and/or TTL (transistor-transistor logic).
Embodiments may be implemented as separate devices, apparatus, units, components or functions or in a distributed manner, e.g., one or more processors or processing functions may be used or shared in a process or one or more processing segments or processing portions may be used and shared in a process, where a physical processor or more than one physical processor may be used to implement one or more processing portions dedicated to a particular process as described.
The apparatus may be implemented by a semiconductor chip, a chipset, or a (hardware) module comprising such a chip or chipset.
Embodiments may also be implemented as any combination of hardware and software, such as an ASIC (application specific IC (integrated circuit)) component, FPGA (field programmable gate array) or CPLD (complex programmable logic device) component, or DSP (digital signal processor) component.
Embodiments may also be implemented as a computer program product, comprising a computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to perform a process as described in the embodiments, wherein the computer usable medium may be a non-transitory medium.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (13)

1. A method for transmitting user session data shared among multiple servers is characterized by comprising the following steps:
acquiring original data of a user session shared among multiple servers;
encapsulating the original data, and generating and sending encapsulated session data, wherein the encapsulated session data comprises the following contents: the encrypted original data, signature data used by a receiving end to verify the original data, and encrypted data used for generating the signature data.
2. The method according to claim 1, wherein the signature data is data obtained by calculating the encrypted data and the original data using a predetermined signature algorithm.
3. The method of claim 1, wherein the encapsulated session data further comprises a data header.
4. The method according to claim 1, wherein the encrypted data used for generating the signature data is randomly generated data.
5. The method according to claim 1, wherein the encrypted original data is obtained by compressing the original data and then encrypting the compressed original data, and an encryption key used is an encryption key shared among the multiple servers.
6. A method for transmitting user session data shared among multiple servers is characterized by comprising the following steps:
receiving encapsulated session data, wherein the encapsulated session data is obtained by encapsulating original data of a user session shared among multiple servers; the encapsulated session data includes the following: the encrypted original data, signature data used by a receiving end to verify the original data, and encrypted data used for generating the signature data;
and decapsulating the encapsulated session data.
7. The method according to claim 6, wherein decapsulating the encapsulated session data specifically includes:
decrypting the encrypted original data by using an encryption key shared among the multiple servers to obtain the original data;
and generating signature data from the encrypted data used for generating the signature data and the original data obtained by decryption, and comparing whether the generated signature data is consistent with the signature data in the encapsulated session data.
8. An apparatus for transmitting user session data shared among multiple servers, comprising:
an acquisition unit configured to acquire original data of a user session shared among multiple servers;
an encapsulating unit, configured to perform encapsulation processing on the original data, generate and send encapsulated session data, where the encapsulated session data includes the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data.
9. An apparatus for transmitting user session data shared among multiple servers, comprising:
a receiving unit, configured to receive encapsulated session data, where the encapsulated session data is obtained by encapsulating original data of a user session shared among multiple servers; the encapsulated session data includes the following: the encrypted original data, signature data used by a receiving end to verify the original data, and encrypted data used for generating the signature data;
and the decapsulation unit is used for decapsulating the encapsulated session data.
10. The apparatus of claim 9, further comprising:
an acquisition unit configured to acquire original data of a user session shared among multiple servers;
the encapsulation unit is used for encapsulating the original data acquired by the acquisition unit, generating and sending encapsulated session data, and the encapsulated session data comprises the following contents: the encrypted original data, signature data used for verifying the original data by a receiving end and encrypted data used for generating the signature data.
11. A computing device, comprising:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to perform the method of any of claims 1 to 7 in accordance with the obtained program.
12. A computer program product for a computer, characterized in that it comprises software code portions for performing the steps of any one of claims 1 to 7 when the product is run on the computer.
13. A computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of claims 1 to 7.
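The encapsulation and decapsulation steps of the apparatus embodiment and of claims 1 to 7, as an added Python example (not code from the patent). Assumptions: the header layout and all names are hypothetical; HMAC-SHA256 under a subkey of the shared key stands in for the unspecified "preset signature algorithm"; an HMAC counter-mode keystream stands in for the unspecified cipher, where a deployment would use a vetted one such as AES-GCM; the decompressed-size cap is this example's own addition.

```python
import hashlib
import hmac
import os
import struct
import zlib

# Assumed layout: header | encrypted original data | signature data | random data
HEADER = struct.Struct("!4sBBBI")  # magic, version, salt_len, sig_len, ciphertext_len
MAGIC, VERSION, SALT_LEN, SIG_LEN = b"SESS", 1, 16, 32
MAX_PLAIN = 64 * 1024  # assumed cap on decompressed session size


class InvalidSessionPacket(Exception):
    """Raised when a packet is malformed or fails verification."""


def _subkey(shared_key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and signing, both derived from the shared key.
    return hmac.new(shared_key, label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, XORed with data.
    # The per-message random data doubles as the nonce.
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + struct.pack("!I", block), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _sign(shared_key: bytes, salt: bytes, original: bytes) -> bytes:
    # Signature data computed from the random data and the original data.
    mac_key = _subkey(shared_key, b"sign")
    return hmac.new(mac_key, salt + original, hashlib.sha256).digest()


def encapsulate(shared_key: bytes, original: bytes) -> bytes:
    salt = os.urandom(SALT_LEN)  # randomly generated data used for the signature
    enc_key = _subkey(shared_key, b"encrypt")
    ciphertext = _keystream_xor(enc_key, salt, zlib.compress(original))  # compress, then encrypt
    signature = _sign(shared_key, salt, original)
    header = HEADER.pack(MAGIC, VERSION, len(salt), len(signature), len(ciphertext))
    return header + ciphertext + signature + salt


def decapsulate(shared_key: bytes, packet: bytes) -> bytes:
    if len(packet) < HEADER.size:
        raise InvalidSessionPacket("short header")
    magic, version, salt_len, sig_len, ct_len = HEADER.unpack_from(packet)
    if (magic, version, salt_len, sig_len) != (MAGIC, VERSION, SALT_LEN, SIG_LEN):
        raise InvalidSessionPacket("bad header")
    if len(packet) != HEADER.size + ct_len + sig_len + salt_len:
        raise InvalidSessionPacket("length mismatch")
    body = packet[HEADER.size:]
    ciphertext, signature, salt = body[:ct_len], body[ct_len:ct_len + sig_len], body[ct_len + sig_len:]
    compressed = _keystream_xor(_subkey(shared_key, b"encrypt"), salt, ciphertext)
    try:
        inflater = zlib.decompressobj()
        original = inflater.decompress(compressed, MAX_PLAIN)  # bounded output
    except zlib.error as exc:
        raise InvalidSessionPacket("corrupt compressed data") from exc
    if inflater.unconsumed_tail or not inflater.eof:
        raise InvalidSessionPacket("oversized or truncated data")
    # Recompute the signature from the received random data and the decrypted data.
    if not hmac.compare_digest(_sign(shared_key, salt, original), signature):
        raise InvalidSessionPacket("signature mismatch")
    return original
```

Because the signature covers the original data, the receiver has to decrypt and decompress before it can verify, which is why the decompression step is bounded and every failure path rejects the packet.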
CN202111593015.XA 2021-12-23 2021-12-23 Method and device for transmitting user session data shared among multiple servers Pending CN114389817A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111593015.XA CN114389817A (en) 2021-12-23 2021-12-23 Method and device for transmitting user session data shared among multiple servers

Publications (1)

Publication Number Publication Date
CN114389817A (en) 2022-04-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination