CN104410650A - Method for authenticating user based on Session and Cookie - Google Patents


Info

Publication number: CN104410650A
Authority: CN (China)
Prior art keywords: server, session, client, cookie, user
Legal status: Pending
Application number: CN201410815092.9A
Other languages: Chinese (zh)
Inventor: 陈晓东
Current Assignee: Sichuan Jinwangtong Electronic Technology Co Ltd
Original Assignee: Sichuan Jinwangtong Electronic Technology Co Ltd
Priority date: 2014-12-24
Filing date: 2014-12-24
Publication date: 2015-03-11
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Abstract

The invention discloses a method for authenticating a user based on Session and Cookie. The method comprises the following steps: a, when a client sends an access request to a server, the server creates a Session file, saves the first user authentication information of the client in the Session file, and allocates a first Session ID, which is returned to the client by means of the server's Cookie; b, after the client logs in successfully, it obtains the first Session ID from the Cookie returned by the server, and on each subsequent access to the server the client passes the first Session ID to the server as a parameter via the Cookie and transmits second user authentication information to the server by GET or POST for authentication; c, the server performs the authentication after receiving the client's access request. The method has the beneficial effects of guaranteeing system security while reducing the number of user login authentication operations.

Description

Method for authenticating users based on Session and Cookie
Technical field
The present invention relates to the field of information security, and specifically to a method for authenticating users based on Session and Cookie.
Background technology
In the development of the Hundred Song interface there are many pages, all of which are placed on a public-network server. User authentication therefore has to be performed on every page in order to check whether the user accessing that page is a logged-in user; only logged-in users may continue to access it.
Session: also called a session; the period from when a user enters a website until the browser is closed, that is, the time the user spends browsing that website.
Cookie: a Cookie is generated by the server and sent to the User-Agent (usually a browser). The browser may save the Cookie's key/value pairs in a text file under a certain directory, and sends the Cookie back to the server the next time the same website is requested (provided the browser is set to enable cookies).
Summary of the invention
The present invention overcomes the deficiency of the prior art, in which user authentication has to be performed on each page and user operation is therefore complex, and provides a method for authenticating users based on Session and Cookie that guarantees information security while reducing user operations.
To achieve the above object, the present invention adopts the following technical solution:
A method for authenticating users based on Session and Cookie, characterized in that it comprises the following steps:
a. When the client sends an access request to the server, the server creates a Session file, saves the first user authentication information of the client in the Session file, allocates a first Session ID, and returns the first Session ID to the client through the server's Cookie;
b. After the client logs in successfully, it can obtain the first Session ID from the Cookie returned by the server. On each subsequent access to the server, the client passes the first Session ID to the server as a parameter through the Cookie, and sends the second user authentication information to the server by GET or POST for verification;
c. After the server receives the client's access request, it first obtains the second Session ID from the Cookie, uses the second Session ID to look up the Session file whose first Session ID is identical, and checks whether that file contains first user authentication information. If it does not, the client is not a logged-in user and the server denies access. If it does, the server obtains the second user authentication information and compares it with the first user authentication information in the Session file; if they are not equal, the client is not a logged-in user and the server denies access; if they are equal, the server allows access.
Compared with the prior art, the invention has the following beneficial effects:
With the user authentication method of the present invention, as long as the user logs in on any one browser page, the user automatically has the right to use the other browser pages associated with that server, which reduces user login-verification operations while ensuring system security.
Embodiment
A method for authenticating users based on Session and Cookie, characterized in that it comprises the following steps:
a. When the client sends an access request to the server, the server creates a Session file and saves the first user authentication information of the client in the Session file; for example, the first user authentication information (such as the user id) is saved in the Session file. The server then stores this Session file on the server under a file name of the form "sess_" + sessionid (for my local Apache the directory is D:\Program Files (x86)\wamp\tmp). Opening the file shows data similar to uid|s:2:"34"; where uid is the name of the variable stored in this session, s:2 gives the length of the data, and the value inside the double quotation marks is the value of uid. The server allocates a first Session ID and returns it to the client through the server's Cookie;
b. After the client logs in successfully, it can obtain the first Session ID from the Cookie returned by the server. On each subsequent access to the server, the client passes the first Session ID to the server as a parameter through the Cookie, and sends the second user authentication information to the server by GET or POST for verification;
c. After the server receives the client's access request, it first obtains the second Session ID from the Cookie, uses the second Session ID to look up the Session file whose first Session ID is identical, and checks whether that file contains first user authentication information. If it does not, the client is not a logged-in user and the server denies access. If it does, the server obtains the second user authentication information and compares it with the first user authentication information in the Session file; if they are not equal, the client is not a logged-in user and the server denies access; if they are equal, the server allows access.
The above embodiment describes the essence of the present invention in detail, but does not limit its scope of protection. Obviously, under the teaching of the present invention, those of ordinary skill in the art can also make many improvements and modifications, and it should be noted that all such improvements and modifications fall within the claims of the present invention.
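The following is an added example, not code from the patent or its applicant, modelling steps a to c of the summary and the embodiment above: a session is created with the user id stored in the PHP-style serialization the embodiment quotes (uid|s:2:"34";), and a later request is checked by matching the Session ID from the Cookie against the stored file and comparing the stored uid with the uid sent by GET/POST. The cookie name PHPSESSID, the in-memory stand-in for the session directory and all function names are assumptions.

```python
"""Model of the Session/Cookie check from steps a-c (added example)."""
import re
import secrets

# Constructed stand-in for the server's session directory:
# maps the file name "sess_<session id>" to the file's contents.
SESSION_DIR: dict[str, str] = {}

# One serialized PHP session entry: name|s:<length>:"<value>";
_PHP_STR = re.compile(r'(\w+)\|s:(\d+):"(.*?)";', re.S)


def parse_session_file(contents: str) -> dict[str, str]:
    """Parse the sess_ file format; entries whose declared length
    does not match the value are treated as corrupt and dropped."""
    out: dict[str, str] = {}
    for name, length, value in _PHP_STR.findall(contents):
        if int(length) == len(value):
            out[name] = value
    return out


def create_session(uid: str) -> str:
    """Step a: create the Session file holding the first user
    authentication information (the uid) and allocate a first Session
    ID; the caller returns it to the client in a Set-Cookie header."""
    sid = secrets.token_hex(16)  # unguessable identifier (assumption)
    SESSION_DIR[f"sess_{sid}"] = f'uid|s:{len(uid)}:"{uid}";'
    return sid


def authenticate(cookies: dict[str, str], params: dict[str, str]) -> bool:
    """Step c: take the second Session ID from the Cookie, find the file
    with the identical first Session ID, require a stored uid, then
    compare it with the second uid supplied via GET or POST."""
    sid = cookies.get("PHPSESSID")  # cookie name is an assumption
    if not sid:
        return False  # no Session ID at all: not a logged-in user
    session = parse_session_file(SESSION_DIR.get(f"sess_{sid}", ""))
    first_uid = session.get("uid")
    if first_uid is None:
        return False  # no matching file, or file without a uid: deny
    second_uid = params.get("uid", "")
    # Constant-time comparison so the check does not leak by timing.
    return secrets.compare_digest(first_uid, second_uid)
```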

Claims (1)

1. A method for authenticating users based on Session and Cookie, characterized in that it comprises the following steps:
a. When the client sends an access request to the server, the server creates a Session file, saves the first user authentication information of the client in the Session file, allocates a first Session ID, and returns the first Session ID to the client through the server's Cookie;
b. After the client logs in successfully, it can obtain the first Session ID from the Cookie returned by the server. On each subsequent access to the server, the client passes the first Session ID to the server as a parameter through the Cookie, and sends the second user authentication information to the server by GET or POST for verification;
c. After the server receives the client's access request, it first obtains the second Session ID from the Cookie, uses the second Session ID to look up the Session file whose first Session ID is identical, and checks whether that file contains first user authentication information. If it does not, the client is not a logged-in user and the server denies access. If it does, the server obtains the second user authentication information and compares it with the first user authentication information in the Session file; if they are not equal, the client is not a logged-in user and the server denies access; if they are equal, the server allows access.

Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN201410815092.9A    2014-12-24      2014-12-24    Method for authenticating user based on Session and Cookie

Publications (1)

Publication Number   Publication Date
CN104410650A         2015-03-11

Family ID: 52648248

Country Status (1)

CN: CN104410650A (en), Pending

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610855A (en) * 2016-01-21 2016-05-25 北京京东尚科信息技术有限公司 Method and device for login verification of cross-domain system
CN106713501A (en) * 2017-02-13 2017-05-24 四川商通实业有限公司 Terminal positioning method of ActiveX component based on WEB application
CN107092535A (en) * 2017-04-18 2017-08-25 上海雷腾软件股份有限公司 Method and apparatus for the data storage of test interface
CN107786489A (en) * 2016-08-24 2018-03-09 腾讯科技(深圳)有限公司 Access request verification method and device
CN109787937A (en) * 2017-11-14 2019-05-21 龙芯中科技术有限公司 Method of counting, device and the server of access times
CN110719311A (en) * 2018-07-13 2020-01-21 深圳兆日科技股份有限公司 Distributed coordination service method, system and computer readable storage medium
CN110913011A (en) * 2019-12-05 2020-03-24 东软集团股份有限公司 Session keeping method, session keeping device, readable storage medium and electronic equipment
CN111385313A (en) * 2020-05-28 2020-07-07 支付宝(杭州)信息技术有限公司 Method and system for verifying object request validity
CN111641654A (en) * 2020-06-01 2020-09-08 深圳市天择教育科技有限公司 Cross-domain single sign-on method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101083539A (en) * 2006-05-30 2007-12-05 卓望数码技术(深圳)有限公司 Switch gateway based real-time stream media content counting method and system
CN101374047A (en) * 2007-08-21 2009-02-25 Nhn公司 User authentication system using IP address and method thereof
CN101651671A (en) * 2008-08-14 2010-02-17 鸿富锦精密工业(深圳)有限公司 Inter-system subscriber identity authentication system and method
US20130086656A1 (en) * 2011-10-04 2013-04-04 Qualcomm Incorporated Method and Apparatus for Protecting a Single Sign-on Domain from Credential Leakage

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
姜晗, 任翠池, 王磊: "基于Cookie和Session的身份认证机制的研究与实现" (Research and Implementation of an Identity Authentication Mechanism Based on Cookie and Session), 技术在线 (Technology Online) *
柳丽娜: "浅谈Session机制与Cookie机制" (A Brief Discussion of the Session Mechanism and the Cookie Mechanism), 软件开发与设计 (Software Development and Design) *


Legal Events

Code   Description
C06    Publication
PB01   Publication
C10    Entry into substantive examination
SE01   Entry into force of request for substantive examination
RJ01   Rejection of invention patent application after publication

Application publication date: 20150311