CN115589336A - Cross-domain login method - Google Patents
Cross-domain login method Download PDFInfo
- Publication number
- CN115589336A CN115589336A CN202211487128.6A CN202211487128A CN115589336A CN 115589336 A CN115589336 A CN 115589336A CN 202211487128 A CN202211487128 A CN 202211487128A CN 115589336 A CN115589336 A CN 115589336A
- Authority
- CN
- China
- Prior art keywords
- login
- product access
- software development
- user
- access party
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 20
- 235000014510 cooky Nutrition 0.000 claims abstract description 14
- 238000001514 detection method Methods 0.000 claims description 12
- 230000000977 initiatory effect Effects 0.000 claims description 6
- 230000009191 jumping Effects 0.000 claims description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 238000011112 process operation Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a cross-domain login method, which belongs to the technical field of computers and comprises the steps that a JS software development kit is quoted on a front-end page of a product access party, and a JSSDK of the JS software development kit detects the login state of a user on the product access party; inputting login information by a user and transmitting the login information into a JS software development toolkit; the login system calibrates login information, uniformly plants cookies to a product access party, generates a corresponding token and returns the token; and the product access party performs service operation according to the returned token and the login information. The JS software development kit integrating three interfaces is developed, different scene changes of the product access side service can be flexibly coped with, the cookie information is uniformly processed to realize login information sharing, the service is not invaded, and the storage problems of cookies and tokens do not need to be concerned with by the service.
Description
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a cross-domain login method.
Background
Most internet products require user login to perform normal business process operations, and many large enterprises contain different types of businesses, which may be targeted to clients through different products, and particularly, web-oriented products are accessed through a domain name address when the clients use the products. Many times, different business products of the same enterprise have different domain names for customer access, especially different primary domain names, however, different products require user-related services to be common. In particular, after one product is logged in, it is desirable to jump to another product for direct access without repeated logging, which is called cross-domain sharing of login information. The default in the browser strategy is a homologous strategy, information in products in the website is safe under the same domain name, and cross-domain information is unsafe. In order to solve the problem that multiple products share login information across domains, the security of cross-domain login needs to be ensured, for example, patent No. CN103856493B, and patent name CN is a cross-domain login system and method, the method adopts a POST mode to transmit data and adopts an iframe window mode to perform cross-domain data interaction, but the method has poor configuration flexibility and inflexible information sharing, and has certain intrusiveness on target services, and information needs to be processed by each domain name service independently.
Therefore, the present invention provides a cross-domain login method to solve at least some of the above technical problems.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: a cross-domain login method is provided to solve at least some of the above technical problems.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
a cross-domain login method comprises the following steps:
step 1, a JS software development toolkit is quoted on a front-end page of a product access party;
step 2, detecting the login state of the user at the product access party by a JS software development toolkit;
step 3, if the user does not log in, jumping to a login page of a product access party, initiating login to the user, inputting login information by the user and transmitting the login information into a JS software development toolkit;
step 4, initiating a login request to a login system of a product access party by a JS software development kit, calibrating login information by the login system, uniformly planting cookies to the product access party by the login system and generating a corresponding token if the login information is correct, and then returning the token and the login information to the product access party;
and 5, the product access party performs service operation according to the returned token and the login information.
Further, the JS software development toolkit is provided with a login state detection interface, a login interface and an exit interface.
Further, in the step 2, a login state detection interface of the JS software development kit is called, and the login state detection interface sends a detection request to a login system of a product access side to check whether the user logs in.
Further, in the step 3, a login interface of the JS software development kit is called, and the user inputs login information and transmits the login information into the login interface.
Furthermore, when the user exits from the product access side, the exit interface of the JS software development kit is called, the cookie is cleared by the exit interface, and then the exit page for product access is skipped.
Further, the login information includes, but is not limited to, a username and a password.
Compared with the prior art, the invention has the following beneficial effects:
the invention develops the JS software development toolkit JSSDK integrating three interfaces, can flexibly cope with different scene changes of the product access side service, uniformly processes the Cookies information to realize login information sharing, has no invasion to the service, and has no need of paying attention to the storage problems of cookies and tokens.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
The technical noun is as follows:
cookie: data (usually encrypted) stored by the website on the user's local terminal for Session tracking purposes to identify the user's identity, information temporarily or permanently stored by the user's client computer;
token: the token in the computer identity authentication is used for checking a password before data transmission and authorizing different data operations;
JS, namely JavaScript, which is a lightweight, interpreted or just-in-time compiled programming language with function priority;
the JSSDK is a JS software development toolkit.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
As shown in fig. 1, the cross-domain login method provided by the present invention includes the following steps:
step 1, a front page of a product access party refers to a JS software development toolkit JSSDK;
step 2, detecting the login state of the user at the product access party by a JS software development toolkit JSSDK;
step 3, if the user does not log in, jumping to a login page of a product access party, initiating login to the user, inputting login information by the user and transmitting the login information into a JS software development toolkit JSSDK;
step 4, initiating a login request to a login system of a product access party by a JS software development kit JSSDK, calibrating login information by the login system, uniformly planting cookies to the product access party by the login system and generating a corresponding token if the login information is correct, and then returning the token and the login information to the product access party;
and step 5, the product access party performs service operation according to the returned token and the login information.
The JS software development toolkit JSSDK is provided with a login state detection interface, a login interface and an exit interface. The JS software development toolkit JSDK is a tool integrating three interfaces and one JS, can flexibly cope with different scene changes of a product access side service, and processes cookie information uniformly to realize login information sharing, so that the service is not invaded, and the service does not need to pay attention to storage problems of cookies and tokens. .
In the step 2 of the invention, a login state detection interface of a JSSDK is called, the login state detection interface sends a detection request to a login system of a product access side, and whether a user logs in is checked, so that unified user login information check is realized.
In the step 3, a login interface of a JSSDK is called, and a user inputs login information and transmits the login information to the login interface, so that unified login cross-domain is realized.
Particularly, when the user exits from the product access side, the exit interface of the JS software development kit JSSDK is called, the cookie is cleared through the exit interface, and then the user jumps to an exit page of the product access, so that unified exit login is realized.
The product access party includes but is not limited to web, app and other internet products, and the login information includes but is not limited to user name and password.
Finally, it should be noted that: the above embodiments are only preferred embodiments of the present invention to illustrate the technical solutions of the present invention, but not to limit the technical solutions, and certainly not to limit the patent scope of the present invention; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; the modifications or the substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention; that is, the technical problems to be solved by the present invention are still consistent with the present invention, and all the modifications or changes made without substantial meaning in the spirit and scope of the present invention should be included in the protection scope of the present invention; in addition, the technical scheme of the invention is directly or indirectly applied to other related technical fields, and the technical scheme is included in the patent protection scope of the invention.
Claims (6)
1. A cross-domain login method is characterized by comprising the following steps:
step 1, a JS software development toolkit is quoted on a front-end page of a product access party;
step 2, detecting the login state of the user at the product access party by a JS software development toolkit;
step 3, if the user does not log in, jumping to a login page of a product access party, initiating login to the user, inputting login information by the user and transmitting the login information into a JS software development toolkit;
step 4, initiating a login request to a login system of a product access party by a JS software development kit, calibrating login information by the login system, uniformly planting cookies to the product access party by the login system and generating corresponding tokens if the login information is correct, and then returning the tokens and the login information to the product access party;
and step 5, the product access party performs service operation according to the returned token and the login information.
2. The cross-domain login method according to claim 1, wherein the JS software development toolkit is provided with a login state detection interface, a login interface and an exit interface.
3. The cross-domain login method according to claim 2, wherein in step 2, a login state detection interface of the JS software development kit is called, and the login state detection interface sends a detection request to a login system of a product access party to check whether a user logs in.
4. The cross-domain login method according to claim 2, wherein in the step 3, a login interface of the JS software development toolkit is called, and the user inputs login information and transmits the login information into the login interface.
5. The cross-domain login method recited in claim 2, wherein when the user exits the product access party, the exit interface of the JS software development kit is called, the exit interface clears the cookie, and then the user jumps to an exit page for product access.
6. The cross-domain login method of claim 1, wherein the login information comprises but is not limited to a username and a password.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211487128.6A CN115589336A (en) | 2022-11-25 | 2022-11-25 | Cross-domain login method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211487128.6A CN115589336A (en) | 2022-11-25 | 2022-11-25 | Cross-domain login method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115589336A true CN115589336A (en) | 2023-01-10 |
Family
ID=84783441
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211487128.6A Pending CN115589336A (en) | 2022-11-25 | 2022-11-25 | Cross-domain login method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115589336A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090055908A1 (en) * | 2007-08-21 | 2009-02-26 | Narae Enterprises, Inc. | Apparatus and method for accessing user cookies between network domains |
| CN101605030A (en) * | 2008-06-13 | 2009-12-16 | 新奥特(北京)视频技术有限公司 | A kind of uniform authentication realizing method of using towards TV station based on Active Directory |
| CN105897743A (en) * | 2016-05-26 | 2016-08-24 | 努比亚技术有限公司 | Cross-domain single sign-on method and server |
| CN111431838A (en) * | 2019-01-09 | 2020-07-17 | 北京神州泰岳软件股份有限公司 | Method and device for single-point login and single-point logout in cluster and API gateway |
| CN111628965A (en) * | 2020-04-03 | 2020-09-04 | 北京奇艺世纪科技有限公司 | Cross-domain name login method and device |
| CN114024727A (en) * | 2021-10-28 | 2022-02-08 | 广东好太太智能家居有限公司 | Cross-domain single sign-on method, system, authentication server and readable medium |
-
2022
- 2022-11-25 CN CN202211487128.6A patent/CN115589336A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090055908A1 (en) * | 2007-08-21 | 2009-02-26 | Narae Enterprises, Inc. | Apparatus and method for accessing user cookies between network domains |
| CN101605030A (en) * | 2008-06-13 | 2009-12-16 | 新奥特(北京)视频技术有限公司 | A kind of uniform authentication realizing method of using towards TV station based on Active Directory |
| CN105897743A (en) * | 2016-05-26 | 2016-08-24 | 努比亚技术有限公司 | Cross-domain single sign-on method and server |
| CN111431838A (en) * | 2019-01-09 | 2020-07-17 | 北京神州泰岳软件股份有限公司 | Method and device for single-point login and single-point logout in cluster and API gateway |
| CN111628965A (en) * | 2020-04-03 | 2020-09-04 | 北京奇艺世纪科技有限公司 | Cross-domain name login method and device |
| CN114024727A (en) * | 2021-10-28 | 2022-02-08 | 广东好太太智能家居有限公司 | Cross-domain single sign-on method, system, authentication server and readable medium |
Non-Patent Citations (2)
| Title |
|---|
| HTTPS://BLOG.CSDN.NET/QQ_44724480/ARTICLE/DETAILS/120059335: "JS_SDK实现网站应用QQ登录功能", 《CSDN》 * |
| 胡小舟: "一种基于Token的安全跨域登录方法及实现", 《网络安全与信息化》 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109862018B (en) | Anti-crawler method and system based on user access behavior | |
| CA3177558C (en) | Computer systems, computer-implemented methods, and computer devices for processing a transaction message | |
| US8756661B2 (en) | Dynamic user authentication for access to online services | |
| US10432598B2 (en) | System and method for providing controlled application programming interface security | |
| US20180033089A1 (en) | Method and system for identifying and addressing potential account takeover activity in a financial system | |
| US8566907B2 (en) | Multiple user login detection and response system | |
| US8635662B2 (en) | Dynamic trust model for authenticating a user | |
| US7222363B2 (en) | Device independent authentication system and method | |
| CN102480490B (en) | Method for preventing CSRF attack and equipment thereof | |
| US9374372B2 (en) | Systems and methods for profiling client devices | |
| EP2611106A1 (en) | System for automated prevention of fraud | |
| CN106302308B (en) | Trust login method and device | |
| CN112800411B (en) | Multi-protocol and multi-mode supporting safe and reliable identity authentication method and device | |
| US20080114858A1 (en) | Reconstructing Data on a Network | |
| CN105763635A (en) | Information processing method and system and server | |
| WO2007058732A2 (en) | B2c authentication system and methods | |
| US7506363B2 (en) | Methods, systems, and computer program products for user authorization levels in aggregated systems | |
| CN110138747B (en) | Method and system for verifying login state of account | |
| US20220191202A1 (en) | Consent-based authorization system | |
| US9866587B2 (en) | Identifying suspicious activity in a load test | |
| US20240022587A1 (en) | Network security techniques comparing observed distributions to baseline distributions | |
| US11805096B2 (en) | Technique for restricting access to information | |
| US20210367923A1 (en) | Systems and methods for detecting and dynamically rate limiting account discovery and takeover attempts | |
| CN102243738A (en) | Safety payment system and method | |
| CN115589336A (en) | Cross-domain login method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20230110 |
|
| RJ01 | Rejection of invention patent application after publication |