CN117614706A - Enterprise-level user system session management method, device, equipment and medium - Google Patents


Publication number
CN117614706A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311612754.8A
Other languages
Chinese (zh)
Inventor
张宝浩
刘海东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Merchants Finance Technology Co Ltd
Original Assignee
China Merchants Finance Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/143 Termination or inactivation of sessions, e.g. event-controlled end of session
    • H04L67/145 Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Abstract

The invention relates to communication technology and discloses an enterprise-level user system session management method, comprising: when creation of a session is detected, identifying the session type and the target access service of the current session, and generating the timeout duration of the current session according to the session type and the target access service; allocating an access token for the current session by using a preset unified authentication module, and starting the countdown of the timeout duration of the current session; before the countdown finishes, when a change of the target access service of the current session is detected, intercepting the current session and calling the unified authentication module to refresh the access token of the current session; and ending the current session when the countdown finishes. The invention also provides an enterprise-level user system session management device, electronic equipment and a computer-readable storage medium. The invention can improve the security of enterprise-level user system session management.

Description

Enterprise-level user system session management method, device, equipment and medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for managing a session of an enterprise-level user system, an electronic device, and a computer-readable storage medium.
Background
Users accessing a financial services system typically create both global and local sessions. A local session is a session managed within a single application. A global session is typically used in Single Sign-On (SSO) scenarios, where a user only needs to log in once to access multiple applications or services of the financial business system without having to provide credentials again.
Both kinds of session carry security risks. For example, an attacker can hijack an established session by stealing the session identifier or session token, which allows the attacker to impersonate a legitimate user and perform unauthorized operations. If the session timeout is improperly set, the session may remain active after the user leaves, which may result in unauthorized access and operation.
Disclosure of Invention
The invention provides a method, a device, electronic equipment and a computer readable storage medium for managing enterprise-level user system session, which mainly aim to improve the security of enterprise-level user system session management.
In order to achieve the above object, the present invention provides a method for managing a session of an enterprise-level user system, including:
when creation of a session is detected, identifying the session type and the target access service of the current session, and generating the timeout duration of the current session according to the session type and the target access service;
allocating an access token for the current session by using a preset unified authentication module, and starting the countdown of the timeout duration of the current session;
and, before the countdown finishes, when a change of the target access service of the current session is detected, intercepting the current session and calling the unified authentication module to refresh the access token of the current session; and ending the current session when the countdown finishes.
Optionally, the identifying the session type of the current session and the target access service includes:
acquiring a session request initiated by a user, and analyzing the session request to obtain a session type identifier and a target access service;
and judging whether the session type of the current session is a local session or a global session according to the session type identification.
Optionally, the generating the timeout duration of the current session according to the session type and the target access service includes:
acquiring a preset first timeout duration corresponding to each session type;
acquiring a second timeout duration corresponding to the target access service from a preset access service and session timeout duration table;
and combining the first timeout duration and the second timeout duration according to a preset timeout duration calculation rule to obtain the timeout duration corresponding to the current session.
Optionally, the preset timeout duration calculation rule is: calculating the ratio of the second timeout duration to the first timeout duration, and, when the ratio is greater than a preset threshold, adding the first timeout duration to the second timeout duration to obtain the timeout duration corresponding to the current session.
Optionally, the allocating an access token for the current session by using a preset unified authentication module includes:
intercepting an identity verification request corresponding to the current session by utilizing a unified authentication SDK of the preset unified authentication module;
verifying the user identity corresponding to the current session and issuing an authorization code to the user;
and verifying the authorization code by utilizing the unified authentication service of the preset unified authentication module, and issuing an access token to the user according to the authorization code.
In order to solve the above problems, the present invention further provides an enterprise-level user hierarchy session management apparatus, the apparatus comprising:
the timeout setting module is used for identifying the session type and the target access service of the current session when creation of a session is detected, and generating the timeout duration of the current session according to the session type and the target access service;
the token distribution module is used for allocating an access token for the current session by using the preset unified authentication module and starting the countdown of the timeout duration of the current session;
and the session interception module is used for, before the countdown finishes, intercepting the current session when a change of the target access service of the current session is detected and calling the unified authentication module to refresh the access token of the current session, and for ending the current session when the countdown finishes.
Optionally, the timeout setting module identifies a session type of the current session and the target access service by:
acquiring a session request initiated by a user, and analyzing the session request to obtain a session type identifier and a target access service;
and judging whether the session type of the current session is a local session or a global session according to the session type identification.
Optionally, the timeout setting module generates the timeout duration of the current session by:
acquiring a preset first timeout duration corresponding to each session type;
acquiring a second timeout duration corresponding to the target access service from a preset access service and session timeout duration table;
and combining the first timeout duration and the second timeout duration according to a preset timeout duration calculation rule to obtain the timeout duration corresponding to the current session.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
a memory storing at least one computer program; and
a processor that executes the program stored in the memory to implement the enterprise-level user system session management method.
In order to solve the above-mentioned problems, the present invention further provides a computer readable storage medium having stored therein at least one computer program that is executed by a processor in an electronic device to implement the above-mentioned enterprise-level user hierarchy session management method.
According to the embodiment of the invention, the timeout duration of the current session is generated according to the session type and the target access service of the current session, which customizes the timeout duration for each session and makes session timeout management more reasonable. In addition, when the target access service of the current session changes, the access token is refreshed by the preset unified authentication service in order to prevent the access token from being stolen directly by a third-party application. Compared with a constant-token mechanism, refreshing the access token in time helps improve the security of the session.
Drawings
FIG. 1 is a flow chart of a method for enterprise-level user system session management according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a detailed implementation of one of the steps in the session management method of the enterprise-level user system according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a detailed implementation of one of the steps in the session management method of the enterprise-level user system according to an embodiment of the present invention;
FIG. 4 is a functional block diagram of an enterprise-level user system session management device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device implementing the enterprise-level user architecture session management method according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment of the application provides an enterprise-level user system session management method. The execution subject of the enterprise-level user hierarchy session management method includes, but is not limited to, at least one of a server, a terminal, or another device that can be configured to execute the method provided by the embodiments of the present application. In other words, the enterprise-level user hierarchy session management method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The server may be an independent server, or may be a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
Referring to fig. 1, a flow chart of a method for managing sessions of an enterprise-level user system according to an embodiment of the present invention is shown. In this embodiment, the method for managing a session of an enterprise-level user hierarchy includes:
S1, when creation of a session is detected, identifying the session type and the target access service of the current session, and generating the timeout duration of the current session according to the session type and the target access service;
In the embodiment of the invention, a financial service system is taken as an example to describe the enterprise-level user system session management method. The financial services system provides services to users including, but not limited to, securities, insurance, banking, etc. The financial business system can be distributed, with different servers deployed on different network nodes to provide services in different business fields.
In the embodiment of the invention, a tracking-point (instrumentation) mechanism can be used to capture the sessions generated by the financial service system by monitoring the session requests initiated by users.
In detail, the identifying the session type of the current session and the target access service includes:
acquiring a session request initiated by a user, and analyzing the session request to obtain a session type identifier and a target access service;
and judging whether the session type of the current session is a local session or a global session according to the session type identification.
In the embodiment of the invention, the session type identifier may be a symbol customized by the financial service system and used for distinguishing the session type.
In the embodiment of the invention, the session types comprise a global session and a local session. A global session refers to a session shared between multiple applications or services that allows a user to maintain consistent identity and state between different applications or services in order to seamlessly switch and access different resources. Local sessions refer to sessions created and managed within a single application or service, which are typically used to track the state and interactions of users within an application in order to provide personalized services and functions.
In the embodiment of the invention, the target access service refers to a service provided by the financial service system which needs to interact with the current session, for example, an insurance claim service, a security buying service and the like.
It will be appreciated that different target access services may differ in the speed, response time and processing power at which user requests are processed, and thus, differences in target access services may result in differences in session duration.
In detail, as shown in fig. 2, the generating the timeout period of the current session according to the session type and the target access service includes:
S11, acquiring a preset first timeout duration corresponding to each session type;
S12, acquiring a second timeout duration corresponding to the target access service from a preset access service and session timeout duration table;
S13, according to a preset timeout duration calculation rule, combining the first timeout duration and the second timeout duration to obtain the timeout duration corresponding to the current session.
In the embodiment of the present invention, the first timeout duration may be set according to a historical empirical value. For example, for a global session, the financial service system may set the first timeout duration of the global session to 7200 seconds.
In the embodiment of the invention, the preset access service and session timeout duration table refers to session timeout durations corresponding to each type of access service planned in advance according to the service quality, function and capability of the target access service, user requirements, targets, user experience, interface design and other angles.
In the embodiment of the invention, the preset timeout duration calculation rule can be set according to the operating requirements of the actual financial service system. For example, the ratio of the second timeout duration to the first timeout duration is calculated, and when the ratio is greater than a preset threshold, for example greater than 25%, the timeout duration of the current session may be obtained by adding the first timeout duration to the second timeout duration.
According to the embodiment of the invention, the timeout duration of the current session is generated according to the session type and the target access service of the current session, which customizes the timeout duration for each session and makes session timeout management more reasonable.
S2, allocating an access token for the current session by using a preset unified authentication module, and starting the countdown of the timeout duration of the current session;
In the embodiment of the invention, the preset unified authentication module can comprise two modules: a unified authentication SDK and a unified authentication service. The unified authentication SDK is mainly used to help the financial service system quickly integrate with the interfaces of the unified authentication service, and it provides a unified interceptor for intercepting unauthenticated requests as well as a session transfer function. The unified authentication service may use the OAuth protocol to provide a unified authentication interface for the financial services system.
In detail, referring to fig. 3, the allocating an access token for the current session by using the preset unified authentication module includes:
S21, intercepting an identity verification request corresponding to the current session by utilizing a unified authentication SDK of the preset unified authentication module;
S22, verifying the user identity corresponding to the current session and issuing an authorization code to the user;
S23, verifying the authorization code by utilizing the unified authentication service of the preset unified authentication module, and issuing an access token to the user according to the authorization code.
In the embodiment of the invention, the countdown service of the session timeout duration corresponding to the current session can be automatically started by utilizing the self-timer function of the financial service system.
The embodiment of the invention allocates access tokens, through the preset unified authentication module, for the sessions generated by the financial service system, which enables unified management of all sessions; it also activates the countdown of the timeout duration of the current session and monitors in real time whether the current session has timed out.
S3, judging whether the countdown has finished. When the countdown has not finished, S4 is executed: judging whether the target access service of the current session has changed. When the target access service has not changed, the flow returns to S3; when it has changed, S6 is executed: intercepting the current session and calling the unified authentication module to refresh the access token of the current session. When the countdown has finished, S5 is executed: ending the current session.
In the embodiment of the invention, for every session of the financial service system, whether global or local, the corresponding access token needs a timeliness attribute, so that on the one hand the durability of the session can be maintained, and on the other hand a session hijacker can be prevented from stealing the access token to access the first resource or perform unauthorized operations.
In the embodiment of the invention, the access token can be refreshed periodically. When a change of the target access service of the current session is detected, the current session can be intercepted by the unified authentication SDK of the preset unified authentication module, and a new access token can be allocated to the current session by the unified authentication service of the preset unified authentication module.
According to the embodiment of the invention, the timeout duration of the current session is generated according to the session type and the target access service of the current session, which customizes the timeout duration for each session and makes session timeout management more reasonable. In addition, when the target access service of the current session changes, the access token is refreshed by the preset unified authentication service in order to prevent the access token from being stolen directly by a third-party application. Compared with a constant-token mechanism, refreshing the access token in time helps improve the security of the session.
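The timeout rule (S11 to S13) and the S3 to S6 loop described above, as an added Python example that is not part of the patent or the applicant's code. Assumptions: every table value except the 7200-second global timeout and the 25% threshold, the `UnifiedAuth` stand-in for the unified authentication service, the fallback to the first timeout duration when the ratio does not exceed the threshold, and keeping the original deadline after a token refresh.

```python
import secrets
import time
from dataclasses import dataclass

# Constructed policy tables. Only the 7200 s global value and the 25% threshold
# come from the page; every other number and service name is illustrative.
FIRST_TIMEOUT = {"global": 7200, "local": 1800}                      # S11
SERVICE_TIMEOUT = {"insurance_claim": 2400, "securities_buy": 300}   # S12
RATIO_THRESHOLD = 0.25


def session_timeout(session_type: str, service: str) -> int:
    """S13: combine the per-type and per-service durations (seconds)."""
    if session_type not in FIRST_TIMEOUT or service not in SERVICE_TIMEOUT:
        raise ValueError("unknown session type or service; refuse to create session")
    first, second = FIRST_TIMEOUT[session_type], SERVICE_TIMEOUT[service]
    if second / first > RATIO_THRESHOLD:
        return first + second
    # Assumption: the page does not define this branch; use the first duration.
    return first


class UnifiedAuth:
    """Hypothetical stand-in for the unified authentication service."""

    def __init__(self):
        self._active = {}  # token -> session id

    def issue(self, session_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self._active[token] = session_id
        return token

    def revoke(self, token: str) -> None:
        self._active.pop(token, None)

    def refresh(self, session_id: str, old_token: str) -> str:
        self.revoke(old_token)  # the replaced token must stop working
        return self.issue(session_id)

    def is_valid(self, token: str, session_id: str) -> bool:
        return self._active.get(token) == session_id


@dataclass
class Session:
    session_id: str
    service: str
    token: str
    deadline: float


class SessionManager:
    def __init__(self, auth: UnifiedAuth, clock=time.monotonic):
        self.auth, self.clock, self.sessions = auth, clock, {}

    def create(self, session_type: str, service: str) -> Session:
        """S1 + S2: compute the timeout, issue a token, start the countdown."""
        timeout = session_timeout(session_type, service)
        sid = secrets.token_hex(8)
        s = Session(sid, service, self.auth.issue(sid), self.clock() + timeout)
        self.sessions[sid] = s
        return s

    def handle_request(self, sid: str, token: str, service: str):
        """S3-S6 for one intercepted request; returns (status, current token)."""
        s = self.sessions.get(sid)
        if s is None:
            return ("rejected", None)
        if self.clock() >= s.deadline:            # S3 -> S5: countdown finished
            self.auth.revoke(s.token)
            del self.sessions[sid]
            return ("expired", None)
        if not self.auth.is_valid(token, sid):    # stale or foreign token
            return ("rejected", None)
        if service != s.service:                  # S4 -> S6: target service changed
            if service not in SERVICE_TIMEOUT:
                return ("rejected", None)
            s.token = self.auth.refresh(sid, s.token)
            s.service = service
            # Assumption: the refresh keeps the original deadline.
            return ("refreshed", s.token)
        return ("ok", s.token)
```

Revoking the old token inside `refresh` is what makes the service-change refresh useful against a stolen token: a copy captured before the change is rejected on its next use.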
Fig. 4 is a functional block diagram of an enterprise-level user system session management device according to an embodiment of the present invention.
The enterprise-level user hierarchy session management apparatus 100 of the present invention may be installed in an electronic device. The enterprise-level user hierarchy session management device 100 may include a timeout setting module 101, a token assignment module 102, and a session interception module 103, depending on the functions implemented. The module of the invention, which may also be referred to as a unit, refers to a series of computer program segments, which are stored in the memory of the electronic device, capable of being executed by the processor of the electronic device and of performing a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the timeout setting module 101 is configured to identify the session type and the target access service of the current session when creation of a session is detected, and to generate the timeout duration of the current session according to the session type and the target access service;
the token allocation module 102 is configured to allocate an access token for the current session by using a preset unified authentication module, and to start the countdown of the timeout duration of the current session;
the session interception module 103 is configured to, before the countdown finishes, intercept the current session when a change of the target access service of the current session is detected and invoke the unified authentication module to refresh the access token of the current session, and to end the current session when the countdown finishes.
In detail, each module in the enterprise-level user system session management apparatus 100 in the embodiment of the present invention adopts the same technical means as the enterprise-level user system session management method described in fig. 1 to 3 and can produce the same technical effects, which are not described herein.
Fig. 5 is a schematic structural diagram of an electronic device implementing a session management method of an enterprise-level user system according to an embodiment of the present invention.
The electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program, such as an enterprise-level user hierarchy session management program, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, including flash memory, a mobile hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may in other embodiments also be an external storage device of the electronic device 1, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only for storing application software installed in the electronic device 1 and various types of data, such as code of an enterprise-level user hierarchy session management program, but also for temporarily storing data that has been output or is to be output.
The processor 10 may be comprised of integrated circuits in some embodiments, for example, a single packaged integrated circuit, or may be comprised of multiple integrated circuits packaged with the same or different functions, including one or more central processing units (Central Processing unit, CPU), microprocessors, digital processing chips, graphics processors, combinations of various control chips, and the like. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the entire electronic device using various interfaces and lines, and executes various functions of the electronic device 1 and processes data by running or executing programs or modules (e.g., an enterprise-level user-hierarchy session management program, etc.) stored in the memory 11, and calling data stored in the memory 11.
The bus may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
Fig. 5 shows only an electronic device with components, it being understood by a person skilled in the art that the structure shown in fig. 5 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or may combine certain components, or may be arranged in different components.
For example, although not shown, the electronic device 1 may further include a power source (such as a battery) for supplying power to each component, and preferably, the power source may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device 1 may further include various sensors, bluetooth modules, wi-Fi modules, etc., which will not be described herein.
Further, the electronic device 1 may also comprise a network interface, optionally the network interface may comprise a wired interface and/or a wireless interface (e.g. WI-FI interface, bluetooth interface, etc.), typically used for establishing a communication connection between the electronic device 1 and other electronic devices.
The electronic device 1 may optionally further comprise a user interface, which may be a Display, an input unit, such as a Keyboard (Keyboard), or a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device 1 and for displaying a visual user interface.
It should be understood that the embodiments described are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
The enterprise-level user hierarchy session management program stored in the memory 11 of the electronic device 1 is a combination of instructions that, when executed in the processor 10, may implement:
when the creation of a session is detected, identifying the session type and the target access service of the current session, and generating the timeout duration of the current session according to the session type and the target access service;
allocating an access token for the current session by using a preset unified authentication module, and starting the countdown of the timeout duration of the current session;
and, before the countdown ends, when a change in the target access service of the current session is detected, intercepting the current session and calling the unified authentication module to refresh the access token of the current session; and ending the current session when the countdown ends.
Further, the modules/units integrated in the electronic device 1 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as separate products. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, or a Read-Only Memory (ROM).
The present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor of an electronic device, can implement:
when the creation of a session is detected, identifying the session type and the target access service of the current session, and generating the timeout duration of the current session according to the session type and the target access service;
allocating an access token for the current session by using a preset unified authentication module, and starting the countdown of the timeout duration of the current session;
and, before the countdown ends, when a change in the target access service of the current session is detected, intercepting the current session and calling the unified authentication module to refresh the access token of the current session; and ending the current session when the countdown ends.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in the form of hardware, or in the form of hardware plus software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
Blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a chain of data blocks generated and linked by cryptographic methods, each data block containing a batch of network transaction information that is used to verify the validity of that information (anti-counterfeiting) and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
The embodiments of the application can acquire and process the related data based on artificial intelligence technology. Artificial intelligence (AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or devices recited in the system claims may also be implemented by a single unit or device through software or hardware. The terms second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (10)

1. A method for enterprise-level user hierarchy session management, the method comprising:
when the creation of a session is detected, identifying the session type and the target access service of the current session, and generating the timeout duration of the current session according to the session type and the target access service;
allocating an access token for the current session by using a preset unified authentication module, and starting the countdown of the timeout duration of the current session;
and, before the countdown ends, when a change in the target access service of the current session is detected, intercepting the current session and calling the unified authentication module to refresh the access token of the current session; and ending the current session when the countdown ends.
2. The enterprise-level user hierarchy session management method of claim 1, wherein identifying the session type and target access service of the current session comprises:
acquiring a session request initiated by a user, and analyzing the session request to obtain a session type identifier and a target access service;
and judging whether the session type of the current session is a local session or a global session according to the session type identification.
3. The enterprise-level user hierarchy session management method of claim 1, wherein generating the timeout duration of the current session according to the session type and the target access service comprises:
acquiring a preset first timeout duration corresponding to each session type;
acquiring a second timeout duration corresponding to the target access service from a preset access service and session timeout duration table;
and combining the first timeout duration and the second timeout duration according to a preset timeout duration calculation rule to obtain the timeout duration corresponding to the current session.
4. The enterprise-level user hierarchy session management method of claim 1, wherein the preset timeout duration calculation rule is: calculating the ratio of the second timeout duration to the first timeout duration, and, when the ratio is greater than a preset threshold value, adding the first timeout duration to the second timeout duration to obtain the timeout duration corresponding to the current session.
5. The enterprise-level user hierarchy session management method of claim 1, wherein allocating an access token for the current session by using a preset unified authentication module comprises:
intercepting an identity verification request corresponding to the current session by utilizing a unified authentication SDK of the preset unified authentication module;
verifying the user identity corresponding to the current session and issuing an authorization code to the user;
and verifying the authorization code by utilizing the unified authentication service of the preset unified authentication module, and issuing an access token to the user according to the authorization code.
6. An enterprise-level user hierarchy session management apparatus, the apparatus comprising:
a timeout setting module, configured to identify the session type and the target access service of the current session when the creation of a session is detected, and to generate the timeout duration of the current session according to the session type and the target access service;
a token allocation module, configured to allocate an access token for the current session by using the preset unified authentication module and to start the countdown of the timeout duration of the current session;
and a session interception module, configured to, before the countdown ends and when a change in the target access service of the current session is detected, intercept the current session and call the unified authentication module to refresh the access token of the current session, and to end the current session when the countdown ends.
7. The enterprise-level user hierarchy session management apparatus of claim 6, wherein the timeout setting module identifies the session type and target access service of the current session by:
acquiring a session request initiated by a user, and analyzing the session request to obtain a session type identifier and a target access service;
and judging whether the session type of the current session is a local session or a global session according to the session type identification.
8. The enterprise-level user hierarchy session management apparatus of claim 6, wherein the timeout setting module generates the timeout duration for the current session by:
acquiring a preset first timeout duration corresponding to each session type;
acquiring a second timeout duration corresponding to the target access service from a preset access service and session timeout duration table;
and combining the first timeout duration and the second timeout duration according to a preset timeout duration calculation rule to obtain the timeout duration corresponding to the current session.
9. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the enterprise level user hierarchy session management method of any one of claims 1 to 5.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the enterprise-level user hierarchy session management method of any one of claims 1 to 5.
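The flow of claims 1, 3 and 4, as an added Python example that is not part of the patent text: the timeout is computed from the two tables, a token is issued, a change of target service refreshes the token, and the session ends at the deadline. All names, table values and the threshold are constructed; the branch for a ratio at or below the threshold and the unchanged deadline on refresh are assumptions, since the claims do not specify them.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed values: the claims name the tables and threshold but give no numbers.
FIRST_TIMEOUT = {"local": 900, "global": 3600}        # seconds per session type
SERVICE_TIMEOUT = {"payments": 300, "reports": 7200}  # seconds per target service
RATIO_THRESHOLD = 1.0

def session_timeout(session_type, service):
    first, second = FIRST_TIMEOUT[session_type], SERVICE_TIMEOUT[service]
    if second / first > RATIO_THRESHOLD:
        return first + second   # rule stated in claim 4
    return min(first, second)   # assumption: the claim does not cover this branch

@dataclass
class Session:
    service: str
    token: str
    deadline: float

class SessionManager:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.sessions = {}

    def create(self, sid, session_type, service):
        deadline = self.clock() + session_timeout(session_type, service)
        self.sessions[sid] = Session(service, secrets.token_urlsafe(32), deadline)
        return self.sessions[sid].token

    def access(self, sid, token, service):
        """Return the token to use next, or None if the request is rejected."""
        s = self.sessions.get(sid)
        if s is None or self.clock() >= s.deadline:
            self.sessions.pop(sid, None)  # countdown finished: end the session
            return None
        if not hmac.compare_digest(token, s.token):
            return None                   # stale or forged token
        if service != s.service:
            # Target service changed: refresh the token. The deadline is kept,
            # an assumption, so a refresh never extends the session.
            s.service, s.token = service, secrets.token_urlsafe(32)
        return s.token
```

With these constructed tables, a local session to "reports" gets 900 + 7200 seconds, so the service table entry, not the session type, dominates the session lifetime whenever the ratio exceeds the threshold.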
CN202311612754.8A 2023-11-27 2023-11-27 Enterprise-level user system session management method, device, equipment and medium Pending CN117614706A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311612754.8A CN117614706A (en) 2023-11-27 2023-11-27 Enterprise-level user system session management method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311612754.8A CN117614706A (en) 2023-11-27 2023-11-27 Enterprise-level user system session management method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN117614706A true CN117614706A (en) 2024-02-27

Family

ID=89945843

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311612754.8A Pending CN117614706A (en) 2023-11-27 2023-11-27 Enterprise-level user system session management method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN117614706A (en)

Similar Documents

Publication Publication Date Title
EP3484125B1 (en) Method and device for scheduling interface of hybrid cloud
US10567381B1 (en) Refresh token for credential renewal
US10200362B2 (en) Method and system for verifying an account operation
US10603584B2 (en) Dynamic resource allocation for gaming applications
CN109683936B (en) Gray scale distribution method and device, storage medium and electronic equipment
US10320773B2 (en) Validation for requests
CN107548499A (en) The technology booted safely for virtual network function
CN103259663A (en) User unified authentication method in cloud computing environment
US20230370265A1 (en) Method, Apparatus and Device for Constructing Token for Cloud Platform Resource Access Control
US10291401B1 (en) Stateless service-mediated security module
US20140173706A1 (en) Apparatus and data processing systems for accessing an object
CN114020845A (en) Block chain network management method, system, electronic equipment and storage medium
CN113221154A (en) Service password obtaining method and device, electronic equipment and storage medium
US20240007457A1 (en) Time-based token trust depreciation
CN114697132B (en) Method, device, equipment and storage medium for intercepting repeated access request attack
CN114666408B (en) Market condition factor data transparent transmission method, device, equipment and medium based on Internet
CN117614706A (en) Enterprise-level user system session management method, device, equipment and medium
CN112988888B (en) Key management method, device, electronic equipment and storage medium
CN115021995A (en) Multi-channel login method, device, equipment and storage medium
CN111367573B (en) Equipment login method, device, storage medium and computer equipment
CN112487400A (en) Single sign-on method and device based on multiple pages, electronic equipment and storage medium
CN111507728A (en) Payment configuration method and device
CN111683070A (en) Data transmission method and device based on identity encryption and storage medium
CN116843454B (en) Channel information management method, device, equipment and medium
CN116361753B (en) Authority authentication method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination