CN110166577B - Distributed application group session processing system and method - Google Patents

Publication number
CN110166577B
Authority
CN
China
Prior art keywords
application
session
group
client
login
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910584039.5A
Other languages
Chinese (zh)
Other versions
CN110166577A (en)
Inventor
曹黎明
葛佳伟
刘利勇
奚翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN201910584039.5A
Publication of CN110166577A
Application granted
Publication of CN110166577B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/1044 Group management mechanisms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A distributed application group session processing system and method, specifically comprising: a client component, which stores the key information of the current user's login session on the platform group and of the application sessions on a plurality of application groups; a platform group, which stores all function lists, all application group information and the association between the functions and the application groups contained in the application system, and which is responsible for authenticating user login, processing login session information, and outputting to the client the menu function list data visible to the current user and all current application group information; and a plurality of application groups, each of which is responsible for implementing the application logic of one class of products and for creating and processing server-side application sessions. The same user can use a plurality of functions in one login, so the client can access a plurality of application groups; an application group may handle application requests from multiple users simultaneously, handling multiple application sessions.

Description

Distributed application group session processing system and method
Technical Field
The invention relates to a distributed application group session processing method and a distributed application group session processing system, in particular to a distributed application group session processing method of a large-scale internet application system after being split into a platform group and a plurality of application group subsystems and a distributed application group session processing system integrating all groups to form a unified user view.
Background
The large-scale internet application system generally provides a user with a plurality of product functions, and the product functions are displayed on a user view in a menu or icon organization mode, the menu functions usually correspond to a plurality of background service line systems which are independently developed, operated and maintained, and the service functions are accessed with different frequencies and have different requirements on system load capacity. In the overall architecture design of a unified front-end interface view and a dispersed background system of a large-scale application system, a client is generally connected with a platform group subsystem and is responsible for user login authentication, login session information, session life cycle processing and user visible function menu view output presentation; in addition, the client needs to connect a plurality of mutually independent application group subsystems to process access requests of different users to different service application functions, and each application group subsystem also needs to authenticate the user and create and process application session information and an application session life cycle when receiving the user request and executing service processing. The application session lifecycle on multiple application group subsystems that are independent of each other and the login session lifecycle on the platform group need to be coordinated, unified and effectively processed to provide consistent user experience.
In the prior art, a large application system in the industry has various methods based on server-side processing in the aspect of solving the problem of unified processing of multiple session life cycles of subsystems.
One way is that all application session information established after the user logs in is registered centrally by the platform group on the server side, on the assumption that an application group the user has visited once will continue to be visited during the same login. When an application group receives a request and updates its own session timestamp, it must promptly notify the platform group to update the login session timestamp, and the platform group then sends the session timestamp update notification to the other application groups. In practice, many users click a given service application function once and do not access it again during that login, so this scheme wastes the server resources of the application groups.
The other method is that the groups share session information centrally through a distributed cache system. An application group copies the login session that the platform group has shared to the distributed cache system onto its local server, and uses that local copy of the login session as its own application session. This requires keeping the local copy on the server consistent, in real time, with the session information in the cache system: each time a request to an application group updates the session timestamp, the local copy is updated, the session information in the cache system is also updated, and the other group servers then update their local copies in real time. As a result, every application server reads and writes both its own memory and the cache system, which consumes considerable performance; the availability of the cache system constrains the availability of every group; the application groups are no longer independent of one another; and the ability to isolate problems is poor.
Disclosure of Invention
In view of the above-mentioned needs and problems, an object of the present invention is to provide a solution based on a client, which emphasizes on solving the problems of security, consistency and efficiency of the distributed inter-group login session and the coordination of the life cycles of multiple application sessions, and meanwhile, keeps mutual independence between groups.
To achieve the above object, the distributed application group session processing system provided by the present invention specifically includes a client, a platform group and a plurality of application groups. The client comprises a client component and a client interface; the client interface is used for providing a user input channel and a client information display interface. The client component is used for: receiving a login request initiated by a user and outputting the login request to the platform group; storing the received function menu, application group registration information and login session information locally; receiving an application input instruction of the user, and querying locally according to the application input instruction to obtain the corresponding application group identifier; querying locally, according to the application group identifier, whether a corresponding application session exists; when the application session exists, obtaining the application function access service URL of the corresponding application group according to the application group identifier, and sending the user input function identifier and the locally stored application session identifier to the application group at that URL; and displaying the received application execution result to the user, updating the timestamp of the client-side application session, and sending a login session timestamp update confirmation to the platform group. The platform group is used for: performing user identity authentication according to the received login request; creating a login session after the authentication is passed; querying the function menu and application group registration information corresponding to the user identity, and feeding back the function menu, the application group registration information and the login session information to the client; and updating the server-side login session timestamp according to the login session timestamp update confirmation. The application group is used for updating the server-side application session timestamp according to the application session identifier, executing the corresponding application logic according to the user input function identifier, and returning an application execution result.
In the above distributed application group session processing system, preferably, the client component includes a front-end service module, a session processing module, and an application group and function registration information storage module; the front-end service module is used for providing interface channels for login, sign-off and application function access for the client interface; the application group and function registration information storage module is used for storing the function menu and application group registration information and the association between each function and its application group; the session processing module is used for storing the login session information and the application session information, and for creating and destroying application sessions and updating their timestamps.
In the distributed application group session processing system, preferably, the platform group includes a login session processing unit, an application group and function registration information processing unit, and an application session creation token generation unit; the login session processing unit is used for performing user login authentication and the creation, destruction and timestamp update of server-side login session information; the application group and function registration information processing unit is used for storing all function menu resources and application group registration information of the application system, and for feeding back the function menu and the application group registration information to the client; each function in the function menu resources includes a corresponding application group identifier; the application group registration information comprises the application session creation and destruction URLs and the application function access URL corresponding to the application group; the application session creation token generation unit is used for generating token data according to the user login authentication result, symmetrically encrypting the token data and signing the token, and then feeding the encrypted token data and the token signature back to the client.
In the above distributed application group session processing system, preferably, the system further includes: when the application session does not exist, the client component obtains an application function access service URL of the corresponding application group according to the application group identifier, and sends encrypted token data and a token signature to the application group according to the application function access service URL; the application group analyzes the encrypted token data to obtain token data, performs identity authentication on the client according to the token data and the token signature, and generates an application session identifier and feeds the application session identifier back to the client after the authentication is passed; the client component receives and saves the application session identification.
In the above distributed application group session processing system, preferably, the application group includes an application session processing unit and an application function implementing unit; the application session processing unit is used for executing application session identification verification and creating, destroying or updating a time stamp of the application session of the server side; the application function realizing unit is used for executing corresponding application logic according to the user input function identification.
In the above distributed application group session processing system, preferably, the system further includes a load balancing device; the load balancing equipment is used for forwarding the client output data to the platform group or the corresponding application group.
The invention also provides a distributed application group session processing method, which comprises the following steps: a client receives a login request initiated by a user and outputs the login request to a platform group; the platform group performs user identity authentication according to the received login request, creates login session information after the authentication is passed, queries the function menu and application group registration information corresponding to the user identity, and feeds back the function menu, the application group registration information and the login session information to the client; the client stores the received function menu, application group registration information and login session information locally; the client receives an application input instruction of the user, and queries locally according to the application input instruction to obtain the corresponding application group identifier; the client queries locally, according to the application group identifier, whether a corresponding application session exists; when the application session exists, the client obtains the application function access service URL of the corresponding application group according to the application group identifier, and sends the user input function identifier and the locally stored application session identifier to the application group at that URL; the application group updates the server-side application session timestamp according to the application session identifier, executes the corresponding application logic according to the user input function identifier and returns an application execution result; the client displays the application execution result to the user, updates the timestamp of the client-side application session and sends a login session timestamp update confirmation to the platform group; and the platform group updates the server-side login session timestamp according to the login session timestamp update confirmation.
In the above distributed application group session processing method, preferably, the method further includes: and the platform group generates token data according to a user login authentication result, symmetrically encrypts the token data and signs the token, and feeds the token data back to the client.
In the above distributed application group session processing method, preferably, the method further includes: when the application session does not exist, the client component obtains an application function access service URL of the corresponding application group according to the application group identifier, and sends encrypted token data and a token signature to the application group according to the application function access service URL; the application group analyzes the encrypted token data to obtain token data, performs identity authentication on the client according to the token data and the token signature, and generates an application session identifier and feeds the application session identifier back to the client after the authentication is passed; the client component receives and saves the application session identification.
In the above distributed application group session processing method, preferably, the method further includes: after the user signs off, the client obtains locally the login session identifier, the application session identifiers and the application group identifier list; according to the application group identifier list, the client obtains the session destruction service URL of each corresponding application group from the locally stored application group registration information, and asynchronously sends the application session identifier and an application session cleaning notification to the corresponding application group at that URL; the client asynchronously sends a login session cleaning notification to the platform group according to the login session identifier; the platform group cleans up the server-side login session data according to the login session cleaning notification; and the application group cleans up the server-side session data according to the application session cleaning notification.
In the above distributed application group session processing method, preferably, the method further includes: the client checks the timestamps of all locally stored application sessions at a preset period; when the time elapsed between an application session's timestamp and the current time exceeds the preset timeout threshold, the client sends an application session cleaning notification to the application group corresponding to that application session; and the application group cleans up the server-side session data according to the application session cleaning notification.
The invention also provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method when executing the computer program.
The present invention also provides a computer-readable storage medium storing a computer program for executing the above method.
The invention has the following beneficial technical effects: each module of the system can effectively process the session life cycles of the platform group and the application groups, and the security of the platform group and the application groups is ensured by encrypting and signing the first-communication message between the platform group and the application groups. Because each application group and its three service URLs (session creation, session destruction and function access) are registered with the platform group, the platform group can communicate with every application group in a uniform way without special handling, and a new application group can be added at any time. Because the valid session information of the application groups is stored centrally in the client, communication security can be ensured under https, and during continuous access to the functions of an application group the group's local session need not be re-established for every function access request, which improves the response speed of the application service and reduces the cost of session creation and destruction.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
fig. 1 is a schematic diagram of a distributed application group session processing system according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a distributed application group session processing system according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a client component according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a platform group according to an embodiment of the present invention;
FIG. 5 is an ER diagram of a platform group database according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an application group according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a client session processing module according to an embodiment of the present invention;
FIG. 8 is a schematic diagram illustrating an interaction flow of application session creation according to an embodiment of the present invention;
FIG. 9 is a schematic diagram illustrating an overall interaction flow for accessing an application by a user according to an embodiment of the present invention;
FIG. 10 is a schematic diagram illustrating a session cleaning interaction flow of a user sign-off system according to an embodiment of the present invention;
fig. 11 is a flowchart illustrating a distributed application group session processing method according to an embodiment of the present invention.
Detailed Description
The following detailed description of the embodiments of the present invention will be provided with reference to the drawings and examples, so that how to apply the technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented. It should be noted that, unless otherwise specified, the embodiments and features of the embodiments of the present invention may be combined with each other, and the technical solutions formed are within the scope of the present invention.
Additionally, the steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions and, although a logical order is illustrated in the flow charts, in some cases, the steps illustrated or described may be performed in an order different than here.
Hereinafter, the platform group subsystem is called the platform group for short; the application group subsystem is called an application group for short; a session created by the platform group is called a login session; and a session created by an application group is called an application session.
Referring to fig. 1, the distributed application group session processing system provided by the present invention specifically includes a client, a platform group and a plurality of application groups. The client comprises a client component and a client interface; the client interface is used for providing a user input channel and a client information display interface. The client component is used for: receiving a login request initiated by a user and outputting the login request to the platform group; storing the received function menu, application group registration information and login session information locally; receiving an application input instruction of the user, and querying locally according to the application input instruction to obtain the corresponding application group identifier; querying locally, according to the application group identifier, whether a corresponding application session exists; when the application session exists, obtaining the application function access service URL of the corresponding application group according to the application group identifier, and sending the user input function identifier and the locally stored application session identifier to the application group at that URL; and displaying the received application execution result to the user, updating the timestamp of the client-side application session, and sending a login session timestamp update confirmation to the platform group. The platform group is used for: performing user identity authentication according to the received login request; creating a login session after the authentication is passed; querying the function menu and application group registration information corresponding to the user identity, and feeding back the function menu, the application group registration information and the login session information to the client; and updating the server-side login session timestamp according to the login session timestamp update confirmation. The application group is used for updating the server-side application session timestamp according to the application session identifier, executing the corresponding application logic according to the user input function identifier, and returning an application execution result.
In practical work, the distributed application group session processing system mainly comprises: 1) A client component, which globally stores the key information of the current user's login session on the platform group and of the application sessions on the plurality of application groups, including the session identifier, the identifier of the application group to which the session belongs, the last update time and the like; it provides functions for registering, updating and cleaning up this session key information, and these functions need to communicate with the corresponding group server; the client component is also responsible for loading the list of functions visible to the current user, as output by the platform group, and providing it to the client interface for display, each function being associated with the information of the application group that responds to its application requests. 2) A platform group, which stores all function lists, all application group information and the association between the functions and the application groups contained in the application system, and which is responsible for authenticating user login, processing login session information, and outputting to the client the menu function list data visible to the current user and all current application group information. 3) A plurality of application groups, each responsible for implementing the application logic of one class of products and for creating and processing server-side application sessions. The same user can use a plurality of functions in one login, so the client can access a plurality of application groups; an application group can simultaneously process application requests from a plurality of users and process a plurality of application sessions; each time the user requests an operation, the client component, according to the application group information associated with the requested function, either notifies the application group to create a new application session or uses the session identifier of the already created application session to communicate with the corresponding application group.
Specifically, referring to fig. 2, when the distributed application group session processing system is actually applied, the whole system may be composed of a client component 1 using a browser or APP as a carrier; a load balancing device 2 supporting a request routing function and a session holding function, such as HAProxy or Nginx open source software commonly used in the industry, serving as a soft load server, or other commercial request access gateway products; a platform group 3; a plurality of mutually independent application groups 4. The communication protocol of the client and the server is https protocol.
Referring to fig. 3 again, in an embodiment of the present invention, the client component 1 includes a front-end service module 11, a session processing module 12, an application group and function registration information storage module 13; the front-end service module 11 is configured to provide interface channels for login, sign-off, and application function access for the client interface; the application group and function registration information storage module 13 is used for storing a function menu and application group registration information, and an association relationship between each function and an application group; the session processing module 12 is configured to store the login session information and the application session information, and create, destroy, or update a timestamp of an application session. Specifically, as shown in fig. 3, in actual operation, the client component 1 includes a front-end service module 11, a session processing module 12, an application group and function registration information storage module 13; the front-end service module 11 provides interfaces for login, sign-off and application function access for the client interface and specific implementation; the application group and function registration information storage module 13 stores all function lists returned to the client by the platform group after the user login authentication is successful, the association relationship between each function and the application group, and the registration information of all application groups; the session processing module 12 stores registration information of all sessions established by the user, including a platform login session and a plurality of application sessions, and is responsible for implementing full life cycle processing of the platform login session, creation, destruction, and timestamp update of the plurality of application sessions.
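The client-side bookkeeping described for the session processing module, together with the periodic timeout check and the sign-off cleanup from the method summary, can be sketched as follows. This is an added example, not code from the patent; the class name, message shapes, the `example.invalid` URLs and the choice to send the token to the registered session-creation URL are assumptions.

```javascript
// Added illustration of the client component's session registry; not from the patent.
// It only decides WHAT to send; transport (https) is left to the caller.
class ClientSessionRegistry {
  constructor({ loginSessionId, loginToken, functionToGroup, appGroups, timeoutMs }) {
    this.loginSessionId = loginSessionId;   // login session created by the platform group
    this.loginToken = loginToken;           // { token, signature } returned at login
    this.functionToGroup = functionToGroup; // Map: functionId -> appGroupId
    this.appGroups = appGroups;             // Map: appGroupId -> { createUrl, destroyUrl, accessUrl }
    this.timeoutMs = timeoutMs;             // preset timeout threshold
    this.appSessions = new Map();           // Map: appGroupId -> { appSessionId, lastAccess }
  }

  // Function id -> application group -> "create a session" or "access with existing session".
  planRequest(functionId) {
    const appGroupId = this.functionToGroup.get(functionId);
    const group = this.appGroups.get(appGroupId);
    if (!group) return { type: 'reject', reason: 'function not in menu' };
    const session = this.appSessions.get(appGroupId);
    if (!session) {
      return { type: 'create-session', appGroupId, url: group.createUrl, ...this.loginToken };
    }
    return { type: 'access', appGroupId, url: group.accessUrl, functionId,
             appSessionId: session.appSessionId };
  }

  // Store the application session identifier returned by the application group.
  registerSession(appGroupId, appSessionId, now) {
    this.appSessions.set(appGroupId, { appSessionId, lastAccess: now });
  }

  // After a result is displayed: refresh the local timestamp and build the
  // login session timestamp update confirmation for the platform group.
  recordResult(appGroupId, now) {
    const session = this.appSessions.get(appGroupId);
    if (session) session.lastAccess = now;
    return { type: 'login-timestamp-update', loginSessionId: this.loginSessionId };
  }

  // Periodic check: expire idle application sessions locally and return the
  // cleaning notifications to send to their application groups.
  sweep(now) {
    const notifications = [];
    for (const [appGroupId, s] of this.appSessions) {
      if (now - s.lastAccess > this.timeoutMs) {
        notifications.push({ type: 'destroy-session', appGroupId,
                             url: this.appGroups.get(appGroupId).destroyUrl,
                             appSessionId: s.appSessionId });
        this.appSessions.delete(appGroupId);
      }
    }
    return notifications;
  }

  // Sign-off: every application session plus the login session is cleaned up.
  signOff() {
    const notifications = this.sweep(Infinity);
    notifications.push({ type: 'destroy-login', loginSessionId: this.loginSessionId });
    this.loginSessionId = null;
    this.loginToken = null;
    return notifications;
  }
}

// Constructed sample data (hypothetical groups, functions and URLs).
function sampleRegistry() {
  const urls = (g) => ({
    createUrl: `https://${g}.example.invalid/session/create`,
    destroyUrl: `https://${g}.example.invalid/session/destroy`,
    accessUrl: `https://${g}.example.invalid/function`,
  });
  return new ClientSessionRegistry({
    loginSessionId: 'L-1',
    loginToken: { token: '<encrypted token>', signature: '<token signature>' },
    functionToGroup: new Map([['transfer', 'payments'], ['fund-buy', 'wealth']]),
    appGroups: new Map([['payments', urls('payments')], ['wealth', urls('wealth')]]),
    timeoutMs: 600000,
  });
}
```

Because the registry is the only place that links the login session to its application sessions, the sign-off and timeout paths are what keep server-side sessions from outliving the login.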
Referring to fig. 4 again, in an embodiment of the present invention, the platform group 3 includes a login session processing unit 31, an application group and function registration information processing unit 32, and an application session creation token generating unit 33; the login session processing unit 31 is configured to perform user login authentication, creation, destruction, or timestamp update processing of server-side login session information; the application group and function registration information processing unit 32 is configured to store all function menu resources and application group registration information of the application system; wherein each function in the function menu resource includes a corresponding application group identification; the application group registration information comprises an application session creation identifier, a destruction URL and an application function access URL corresponding to the application group; the application group and function registration information processing unit is used for feeding back a function menu and application group registration information to the client; the application session creation token generation unit 33 is configured to generate token data according to a user login authentication result, perform symmetric encryption and token signature on the token data, and then feed the token data back to the client. 
Thus, when the application session does not exist, the client component obtains an application function access service URL of the corresponding application group according to the application group identifier, and sends encrypted token data and a token signature to the application group according to the application function access service URL; the application group decrypts the encrypted token data to obtain the token data, performs identity authentication on the client according to the token data and the token signature, and generates an application session identifier and feeds the application session identifier back to the client after the authentication is passed; the client component receives and saves the application session identification. In actual operation, the platform group 3 includes a login session processing unit 31, an application group and function registration information processing unit 32, and an application session creation token generating unit 33. The login session processing unit 31 implements user login authentication and the life cycle processing of server-side login session information. The application group and function registration information processing unit 32 stores all the function menu resources of the application system and all the application group registration information in the database; the content of the information items is as shown in fig. 5. Each function has an application group identification attribute indicating which application group provides the function, and each application group registers the URLs of its application session creation and destruction services and the URL of its application function access requests. The application group and function registration information processing unit 32 is responsible for returning the menu function list visible to the current user and the application group registration information.
The application session creation token generation unit 33 is responsible for generating a token message and returning the token message to the client, wherein the token message comprises two data items, namely a ciphertext d obtained by symmetrically encrypting a structured character string containing information such as a login user name, token expiration time, a user authentication mode, user operation authority and the like, and a character string s obtained by signing an original character string; the application group also needs to authenticate the user, but can utilize the existing login authentication result of the platform group without repeated authentication, and the application group only needs to perform security check on the technical level on the credibility of the authentication result from the platform group, so that the application group can focus on the realization of the application function; therefore, when a client accesses a certain application group for the first time, only one trusted token is sent to the application group for the application group to authenticate the validity of the client request, and the application group checks the token and then creates an application session; the token comprises ciphertext data obtained by symmetrically encrypting the content of the user authentication result and signature data obtained by signing by a platform group private key.
Referring to fig. 6, in an embodiment of the present invention, the application group 4 includes an application session processing unit 41 and an application function implementing unit 42; the application session processing unit is used for executing application session identification verification and creating, destroying or updating a time stamp of the application session of the server side; the application function realizing unit is used for executing corresponding application logic according to the user input function identification; in actual work, one system comprises a plurality of mutually independent application groups, and each application group 4 realizes a fixed type of service application function. The request sent by the client to the application group can be divided into two types according to the existence of the application session, one type is that the request contains an application session establishing token, which indicates that the user accesses the application group for the first time, and the application session is established and returned to the client for registration after the application group verifies that the token is valid; the second type is that the request contains application session identification, which means that the application group is accessed again, and the application group executes application service logic function after verifying the session identification. As shown in fig. 6, the application group 4 includes an application session processing unit 41 and an application function implementing unit 42, where the application session processing unit 41 is responsible for implementing the above-mentioned application session creation, application session identifier verification, and lifecycle processing of the application session at the server end; the application function implementing unit 42 is responsible for implementing specific application service logic functions.
In an embodiment of the present invention, the system may further include a load balancing device; the load balancing equipment is used for forwarding the client output data to the platform group or the corresponding application group. As can be seen in fig. 2 in particular, the load balancing device 2 is mainly used to route and forward requests from clients to a specific group, and is also responsible for SSL certificate offload and session maintenance for https requests from clients. The request routing forwarding function supports identification of URL context roots of different requests, for example, https://. the. Requests for matching URLs with https://. x.
Referring to fig. 7 again, fig. 7 shows an internal structure of the session processing module 12 in the client component 1, in which the session information storage unit 121 stores effective session information of all groups that the user currently accesses, and the information items include: application group identification, session identification, and last update timestamp. The session creating unit 122 is used for the client to initiate creating a new application session and register new application session information to the session information storage unit 121; the session information updating unit 123 is configured to update a timestamp of a certain application session by the client; the session information cleaning unit 124 is responsible for cleaning up the session records in the session information storage unit which are not updated for a long time and notifying the application group server to destroy the specified application sessions.
Referring to fig. 11, the present invention further provides a distributed application group session processing method, including:
S101, a client receives a login request initiated by a user and outputs the login request to a platform group;
S102, the platform group carries out user identity authentication according to the received login authentication request, creates login session information after the authentication is passed, inquires and obtains a function menu and application group registration information corresponding to the user identity, and feeds the function menu, the application group registration information and the login session information back to the client;
S103, the client stores the received function menu, application group registration information and login session information locally;
S104, the client receives an application input instruction of a user, and obtains the corresponding application group identifier by local query according to the application input instruction; inquires whether a corresponding application session exists locally according to the application group identifier; when the application session exists, obtains an application function access service URL of the corresponding application group according to the application group identifier, and sends a user input function identifier and a locally stored application session identifier to the application group according to the application function access service URL;
S105, the application group updates the application session timestamp of the server side according to the application session identifier, executes corresponding application logic according to the user input function identifier and returns an application execution result;
S106, the client displays and outputs the application execution result to the user, updates the timestamp of the application session of the client and sends a login session timestamp update confirmation to the platform group;
S107, the platform group updates the login session timestamp of the server side according to the login session timestamp update confirmation.
It is worth mentioning that when a client accesses an application on an application group for the first time, the platform group also generates token data according to the user login authentication result, and the token data is symmetrically encrypted and signed and then fed back to the client; then, when the application session does not exist, the client component obtains an application function access service URL of the corresponding application group according to the application group identifier, and sends the encrypted token data and the token signature to the application group according to the application function access service URL; the application group decrypts the encrypted token data to obtain the token data, performs identity authentication on the client according to the token data and the token signature, and generates an application session identifier and feeds the application session identifier back to the client after the authentication is passed; the client component receives and saves the application session identification.
In an embodiment of the present invention, the method further comprises: after the user signs off, the client locally acquires a login session identifier, an application session identifier and an application group identifier list; according to the application group identification list, obtaining a session destruction service URL of the corresponding application group in locally stored application group registration information, and according to the session destruction service URL, asynchronously sending an application session identification and an application session cleaning notification to the corresponding application group; asynchronously sending a login session cleaning notification to the platform group according to the login session identifier; the platform group cleans login session data of a server side according to the login session cleaning notification; and the application group cleans the session data of the server side according to the application session cleaning notification. Specifically, referring to fig. 10, after the user signs off, the session cleaning unit 124 in the client notifies the platform group to clean up the server-side login session and notifies the application groups registered in the session information storage unit 121 to clean up their respective server-side application sessions. The interaction flow is as follows:
Step 124.1: the client acquires the login session identifier from the session information storage unit 121 and asynchronously sends a login session cleaning notification. The following steps 124.2 and 124.3 need not be performed in any particular order.
Step 124.2: the platform group verifies the validity of the login session identifier and then cleans up the login session data of the server side.
Step 124.3: the client acquires the application session identification and the application group identification list from the session information storage unit 121. For each application session record in the list, step 124.4 is performed in turn.
Step 124.4: the client acquires the session destruction service URL of the application group obtained in the previous step from the application group and function registration information storage module 13, adds the application session identifier to the request, and asynchronously sends an application session cleaning notification to the corresponding application group.
Step 124.5: the application group verifies the validity of the application session identifier and then cleans up the session data of the server side.
Therefore, the session information on the platform group and each application group is cleared in time.
In order to facilitate timely cleaning of redundant application sessions, in an embodiment of the present invention, the method further includes: the client checks the timestamps of all locally stored application sessions according to a preset period; when the time elapsed between the timestamp of an application session and the current time exceeds a preset timeout threshold, the client sends an application session cleaning notification to the application group corresponding to the application session; and the application group cleans the session data of the server side according to the application session cleaning notification. Specifically, the session cleaning unit 124 in the client component periodically polls the application session information records in the session information storage unit 121 and checks, for each record, whether the interval between its session timestamp and the current time exceeds the session timeout threshold set by the system; for each record that exceeds the threshold, the session cleaning unit 124 sends a session cleaning notification to the application group to which the record belongs. Therefore, the system can timely clear the application session established before the user logs in the system under the condition that the user does not continuously access the service application function after clicking a certain service application function.
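The client-side bookkeeping behind the sign-off flow (steps 124.3 and 124.4) and the periodic timeout check described above, as an added Go example that is not code from the patent. The type and function names, the second-resolution timestamps and the example.invalid URL are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
)

// SessionRecord mirrors the items kept in the session information storage unit 121.
type SessionRecord struct {
	AppGroupID string
	SessionID  string
	LastUpdate int64 // Unix seconds
}

// CleanupNotice is one asynchronous notification: the application session
// identifier, addressed to the owning group's session destruction service URL.
type CleanupNotice struct {
	DestroyURL string
	SessionID  string
}

// ClientSessions models unit 121 together with the destruction URLs that the
// registration information storage module 13 holds for each application group.
type ClientSessions struct {
	Timeout     int64             // session timeout threshold in seconds
	DestroyURLs map[string]string // application group id -> destruction URL
	records     map[string]SessionRecord
}

// Put registers a new application session or refreshes its timestamp.
func (c *ClientSessions) Put(group, sid string, now int64) {
	if c.records == nil {
		c.records = map[string]SessionRecord{}
	}
	c.records[group] = SessionRecord{group, sid, now}
}

// Sweep is the periodic poll: records idle for longer than Timeout are
// removed locally and returned as notices for their application groups.
func (c *ClientSessions) Sweep(now int64) []CleanupNotice {
	return c.drop(func(r SessionRecord) bool { return now-r.LastUpdate > c.Timeout })
}

// SignOff covers steps 124.3 and 124.4: every stored application session is cleaned.
func (c *ClientSessions) SignOff() []CleanupNotice {
	return c.drop(func(SessionRecord) bool { return true })
}

// drop removes the matching records and returns one notice per record,
// ordered by application group id so the result is deterministic.
func (c *ClientSessions) drop(match func(SessionRecord) bool) []CleanupNotice {
	var groups []string
	for g, r := range c.records {
		if match(r) {
			groups = append(groups, g)
		}
	}
	sort.Strings(groups)
	notices := make([]CleanupNotice, 0, len(groups))
	for _, g := range groups {
		notices = append(notices, CleanupNotice{c.DestroyURLs[g], c.records[g].SessionID})
		delete(c.records, g)
	}
	return notices
}

func main() {
	c := &ClientSessions{Timeout: 600, DestroyURLs: map[string]string{
		"loan": "https://example.invalid/loan/session/destroy", // constructed URL
	}}
	c.Put("loan", "a1b2", 1000)
	fmt.Println(c.Sweep(1700), c.SignOff())
}
```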
For better understanding of the distributed application group session processing system and method provided by the present invention, the following embodiments are described in conjunction with the above embodiments to describe the distributed application group session processing system and method as a whole, and it should be understood by those skilled in the art that the following embodiments are only provided for facilitating understanding of the distributed application group session processing system and method provided by the present invention, and do not limit the same.
Referring to fig. 8, fig. 8 shows the system flow in which, when a user accesses an application function for the first time, the client notifies the application group to create an application session; the input is the application group identifier associated with the application function.
Step 12.1: the client session creating unit 12 assembles a token request message, which includes the login session identifier of the platform group, and applies to the platform group for an application session creation token;
Step 12.2: the platform group session processing unit 31 checks the validity of the login session identifier in the client request;
Step 12.3: the platform group application session creation token generation unit 33 takes the assembled user authentication result message as token data;
Step 12.4: the platform group application session creation token generation unit 33 performs symmetric encryption and token data signature on the token data, which requires that a symmetric encryption key file and a private key file are deployed in the platform group; and the platform group returns the encrypted ciphertext d and the signature data s to the client.
Step 12.5: after receiving the token ciphertext d and the signature data s, the client extracts a session creation service URL of the target application group from the client application group and function registration information storage module 13 according to the application group identifier, and sends an application session creation request to the URL, where the request message carries the token ciphertext data d and the signature data s;
Step 12.6: the application session processing unit 41 on the application group decrypts the token ciphertext d and verifies the token signature s, which requires access to the symmetric encryption key and platform group public key files deployed on the application group server.
Step 12.7: the application session handling unit 41 on the application group creates an application session and returns a session identification to the client.
Step 12.8: the session handling module 12 in the client component saves the application session identification to its session information storage unit 121.
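The token exchange of steps 12.3 to 12.7, as an added Go example that is not code from the patent. The description names no algorithms, so AES-256-GCM as the symmetric cipher, Ed25519 as the signature scheme, JSON as the structured token string and all identifiers are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// TokenData carries the items the description lists; JSON encoding is assumed.
type TokenData struct {
	User, AuthMode string
	ExpiresAt      int64 // Unix seconds
	Permissions    []string
}

var ErrDecrypt = errors.New("token ciphertext rejected")
var ErrSignature = errors.New("token signature invalid")
var ErrExpired = errors.New("token expired")

// GenerateKeys builds throwaway demo keys: shared AES-256-GCM key, Ed25519 pair.
func GenerateKeys() (cipher.AEAD, ed25519.PublicKey, ed25519.PrivateKey, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, nil, nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, nil, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return aead, pub, priv, err
}

// IssueToken is the platform group side (steps 12.3 and 12.4). It returns the
// ciphertext d (nonce || AES-GCM output) and the signature s over the plaintext.
func IssueToken(td TokenData, aead cipher.AEAD, priv ed25519.PrivateKey) ([]byte, []byte, error) {
	plain, err := json.Marshal(td)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return aead.Seal(nonce, nonce, plain, nil), ed25519.Sign(priv, plain), nil
}

type AppGroup struct {
	AEAD     cipher.AEAD       // shared symmetric key (step 12.6)
	Platform ed25519.PublicKey // platform group public key (step 12.6)
	Sessions map[string]string // application session id -> user
}

// CreateSession is the application group side (steps 12.6 and 12.7).
func (g *AppGroup) CreateSession(d, s []byte, now int64) (string, error) {
	n := g.AEAD.NonceSize()
	if len(d) < n {
		return "", ErrDecrypt
	}
	plain, err := g.AEAD.Open(nil, d[:n], d[n:], nil)
	if err != nil {
		return "", ErrDecrypt
	}
	// GCM only proves knowledge of the shared key; s proves the platform issued it.
	if !ed25519.Verify(g.Platform, plain, s) {
		return "", ErrSignature
	}
	var td TokenData
	if err := json.Unmarshal(plain, &td); err != nil {
		return "", ErrDecrypt
	}
	if now >= td.ExpiresAt {
		return "", ErrExpired
	}
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		return "", err
	}
	sid := fmt.Sprintf("%x", id)
	g.Sessions[sid] = td.User
	return sid, nil
}

func main() {
	aead, pub, priv, err := GenerateKeys()
	if err != nil {
		panic(err)
	}
	d, s, _ := IssueToken(TokenData{User: "alice", ExpiresAt: 1000}, aead, priv)
	fmt.Println((&AppGroup{aead, pub, map[string]string{}}).CreateSession(d, s, 900))
}
```

Because step 12.6 places the symmetric key on every application group server, the signature check is what restricts token issuance to the platform group: a token encrypted with the shared key but signed with any other private key is rejected.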
Referring again to fig. 9, fig. 9 is an overall interaction flow from login success to multiple access of a user to specific application functions:
Step 1.1: a front-end service module 11 in a client component receives a login request initiated by a user on an interface, and triggers a client session processing module 12 to initiate a login authentication request to a platform group;
Step 1.2: after the login session processing unit 31 of the platform group performs user identity authentication, login session information is created;
Step 1.3: the platform group queries all function menus visible to the user and all related application group registration information, and returns the function menus and the related application group registration information to the client together with the login session identifier;
Step 1.4: the application group and function registration information storage module 13 of the client component 1 loads and stores the function menu list and application group registration information; the session information storage unit 121 saves the login session information;
Step 1.5: when a user clicks a certain application function, the front-end service module 11 firstly queries the application group and the function registration information storage module 13 to find out the corresponding application group identifier of the application function;
Step 1.6: the session management module 12 in the client component 1 queries the session information storage unit 121 to determine whether the application group already has an application session: if not, executing step 1.7 to inform the application group to create the application session, otherwise executing step 1.8;
Step 1.7: according to the flow of fig. 8, the client session processing module 12 applies for the application session creation token from the platform group 3, notifies the application group 4 of creating the application session, and then stores the application session information in the session information storage unit 121.
Step 1.8: the client front-end service module 11 acquires an application function access service URL of the application group from the application group and function registration information storage module 13, and initiates a request to the URL, where the request includes an application session identifier and a clicked function identifier.
Step 1.9: the application group verifies the application session identifier and updates the application session timestamp of the server side.
Step 1.10: the application group executes the application logic of the specific function according to the transmitted function identification and returns an application execution result.
Step 1.11: the client loads the application execution result and presents it to the user, and at the same time, the session update unit 123 of the client component updates the timestamp of the application session in the session information storage unit 121.
Step 1.12: the session update unit 123 of the client component informs the platform group to update the login session timestamp.
Step 1.13: the platform group updates the login session timestamp of the server side.
Therefore, after the application request is executed, the session timestamps of the application group and the platform group corresponding to the client and the server are updated.
The invention also provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method when executing the computer program.
The present invention also provides a computer-readable storage medium storing a computer program for executing the above method.
The invention has the beneficial technical effects that: each module of the system can effectively process the session life cycle of the platform group and the application groups, and the security of the platform group and the application groups is ensured by encrypting and signing the messages exchanged between the platform group and an application group on first access. By registering the application groups and their three service URLs (session creation, session destruction and function access) with the platform group, the platform group can communicate with each application group in a uniform way without special processing, and a new application group can be added at any time. By storing the effective session information of the application groups centrally in the client, communication security can be ensured in an https application, and during continuous access to an application group's functions the application group's local session does not need to be established again for each function access request, so that the response speed of the application service is improved and the cost of session establishment and destruction is reduced.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (13)

1. A distributed application group session processing system, comprising a client, a platform group, and a plurality of application groups;
the client comprises a client component and a client interface;
the client interface is used for providing a user input channel and a client information display interface;
the client component is used for receiving a login request initiated by a user and outputting the login request to the platform group; and storing the received function menu, application group registration information and login session information to the local;
receiving an application input instruction of a user, and locally querying according to the application input instruction to obtain a corresponding application group identifier; inquiring whether a corresponding application session exists locally or not according to the application group identifier;
when the application session exists, obtaining an application function access service URL of the corresponding application group according to the application group identifier, and sending a user input function identifier and a locally stored application session identifier to the application group according to the application function access service URL; the received application execution result is displayed and output to a user, the timestamp of the application session of the client is updated, and a login session timestamp update confirmation is sent to the platform group;
the platform group is used for carrying out user identity authentication according to the received login authentication, creating a login session after the authentication is passed, inquiring and obtaining a function menu and application group registration information corresponding to the user identity, and feeding back the function menu, the application group registration information and the login session information to the client; and updating the login session timestamp of the server side according to the login session timestamp update confirmation;
and the application group is used for updating the application session timestamp of the server according to the application session identifier, executing corresponding application logic according to the user input function identifier and returning an application execution result.
2. The distributed application group session processing system of claim 1, wherein the client component comprises a front-end service module, a session processing module, an application group and function registration information storage module;
the front-end service module is used for providing interface channels for login, sign-off and application function access for the client-side interface;
the application group and function registration information storage module is used for storing a function menu and application group registration information and the incidence relation between each function and the application group;
the session processing module is used for storing the login session information and the application session information, and creating, destroying or updating a time stamp of the application session.
3. The distributed application group session processing system according to claim 1, wherein the platform group includes a login session processing unit, an application group and function registration information processing unit, and an application session creation token generation unit;
the login session processing unit is used for executing user login authentication, creation, destruction or timestamp updating processing of server side login session information;
the application group and function registration information processing unit is used for storing all function menu resources and application group registration information of the application system; feeding back the function menu and the application group registration information to the client; wherein each function in the function menu resource includes a corresponding application group identification; the application group registration information comprises an application session creation identifier, a destruction URL and an application function access URL corresponding to the application group;
the application session creation token generation unit is used for generating token data according to a user login authentication result, symmetrically encrypting the token data and signing the token, and then feeding the token data back to the client.
4. The distributed application group session handling system of claim 3, further comprising:
when the application session does not exist, the client component obtains an application function access service URL of the corresponding application group according to the application group identifier, and sends encrypted token data and a token signature to the application group according to the application function access service URL;
the application group analyzes the encrypted token data to obtain token data, performs identity authentication on the client according to the token data and the token signature, and generates an application session identifier and feeds the application session identifier back to the client after the authentication is passed;
the client component receives and saves the application session identification.
5. The distributed application group session processing system according to claim 1, wherein the application group comprises an application session processing unit and an application function implementing unit;
the application session processing unit is used for executing application session identification verification and creating, destroying or updating a time stamp of the application session of the server side;
the application function realizing unit is used for executing corresponding application logic according to the user input function identification.
6. The distributed application group session processing system of claim 1, wherein said system further comprises a load balancing device; the load balancing equipment is used for forwarding the client output data to the platform group or the corresponding application group.
7. A distributed application group session processing method, the method comprising:
a client receives a login request initiated by a user and outputs the login request to a platform group;
the platform group carries out user identity authentication according to the received login authentication, creates login session information after the authentication is passed, inquires and obtains a function menu and application group registration information corresponding to the user identity, and feeds back the function menu, the application group registration information and the login session information to the client;
the client stores the received function menu, application group registration information and login session information locally;
the client receives an application input instruction from the user and obtains the corresponding application group identifier by a local query based on the application input instruction; queries locally whether a corresponding application session exists according to the application group identifier; when the application session exists, obtains the application function access service URL of the corresponding application group according to the application group identifier, and sends the user input function identifier and the locally stored application session identifier to the application group according to the application function access service URL;
the application group updates an application session timestamp of the server end according to the application session identifier, executes corresponding application logic according to the user input function identifier and returns an application execution result;
the client displays and outputs the application execution result to a user, updates the timestamp of the application session of the client and sends a login session timestamp update confirmation to the platform group;
and the platform group updates the login session timestamp of the server side according to the login session timestamp update confirmation.
8. The distributed application group session processing method of claim 7, wherein the method further comprises: and the platform group generates token data according to a user login authentication result, symmetrically encrypts the token data and signs the token, and feeds the token data back to the client.
9. The distributed application group session processing method of claim 8, wherein the method further comprises: when the application session does not exist, the client component obtains an application function access service URL of the corresponding application group according to the application group identifier, and sends encrypted token data and a token signature to the application group according to the application function access service URL;
the application group analyzes the encrypted token data to obtain token data, performs identity authentication on the client according to the token data and the token signature, and generates an application session identifier and feeds the application session identifier back to the client after the authentication is passed;
the client component receives and saves the application session identification.
10. The distributed application group session processing method of claim 7, wherein the method further comprises:
after the user signs out, the client locally acquires a login session identifier, an application session identifier and an application group identifier list;
according to the application group identification list, obtaining a session destruction service URL of the corresponding application group in locally stored application group registration information, and according to the session destruction service URL, asynchronously sending an application session identification and an application session cleaning notification to the corresponding application group;
asynchronously sending a login session cleaning notification to the platform group according to the login session identifier;
the platform group cleans login session data of a server side according to the login session cleaning notification;
and the application group cleans the session data of the server side according to the application session cleaning notification.
11. The distributed application group session processing method of claim 7, wherein the method further comprises: the client checks the timestamps of all locally stored application sessions at a preset period; when the difference between the current time and the timestamp of an application session exceeds the preset timeout threshold, the client sends an application session cleaning notification to the application group corresponding to the application session; and the application group cleans the session data of the server side according to the application session cleaning notification.
12. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 7 to 11 when executing the computer program.
13. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, which is executed by a computer to implement the method of any one of claims 7 to 11.
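The client-side session bookkeeping of claims 7, 10 and 11, as an added example that is not code from the patent: a local store that refreshes timestamps, sweeps timed-out application sessions, and fans out cleanup notifications on sign-out. The class and method names, `platform_cleanup_url` and the timeout value are assumptions; notifications are returned as (URL, session identifier) pairs instead of being sent.

```python
from dataclasses import dataclass, field

@dataclass
class GroupRegistration:
    access_url: str    # application function access URL (claim 3)
    destroy_url: str   # session destruction URL (claim 3)

@dataclass
class ClientSessionStore:
    login_session_id: str
    platform_cleanup_url: str      # hypothetical: the claims name no platform URL
    registry: dict                 # application group id -> GroupRegistration
    timeout_s: float = 1800.0      # constructed timeout threshold
    sessions: dict = field(default_factory=dict)  # group id -> (session id, timestamp)

    def save(self, group_id, session_id, now):
        """Store a newly issued application session identifier (claim 9)."""
        if group_id not in self.registry:
            raise KeyError(f"unregistered application group: {group_id}")
        self.sessions[group_id] = (session_id, now)

    def touch(self, group_id, now):
        """Refresh the local timestamp after a successful call (claim 7)."""
        session_id, _ = self.sessions[group_id]
        self.sessions[group_id] = (session_id, now)
        return session_id

    def sweep(self, now):
        """Periodic check (claim 11): drop timed-out sessions, return cleanup notices."""
        expired = [g for g, (_, ts) in self.sessions.items()
                   if now - ts > self.timeout_s]
        return [self._drop(g) for g in expired]

    def sign_out(self):
        """Sign-out (claim 10): one notice per application session, then the login session."""
        notices = [self._drop(g) for g in list(self.sessions)]
        notices.append((self.platform_cleanup_url, self.login_session_id))
        self.login_session_id = None
        return notices

    def _drop(self, group_id):
        # Forget the identifier locally first, so the client cannot reuse it
        # even if the asynchronous notification is never delivered.
        session_id, _ = self.sessions.pop(group_id)
        return (self.registry[group_id].destroy_url, session_id)
```

A client that crashes or loses connectivity never sends these notices, so the server-side session timestamp that the application group maintains is what a deployment has to rely on for expiry.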
CN201910584039.5A 2019-07-01 2019-07-01 Distributed application group session processing system and method Active CN110166577B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910584039.5A CN110166577B (en) 2019-07-01 2019-07-01 Distributed application group session processing system and method

Publications (2)

Publication Number Publication Date
CN110166577A CN110166577A (en) 2019-08-23
CN110166577B true CN110166577B (en) 2022-02-08

Family

ID=67637128

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910584039.5A Active CN110166577B (en) 2019-07-01 2019-07-01 Distributed application group session processing system and method

Country Status (1)

Country Link
CN (1) CN110166577B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11025560B2 (en) 2019-05-06 2021-06-01 Citrix Systems, Inc. Method and system for sharing user configuration data between different computing sessions
US11481231B2 (en) 2019-10-02 2022-10-25 Citrix Systems, Inc. Systems and methods for intelligent application instantiation
CN112787829B (en) * 2019-11-05 2023-10-10 盒马(中国)有限公司 Task processing method and device and electronic equipment
CN111314475B (en) * 2020-02-21 2021-05-04 北京紫光展锐通信技术有限公司 Session creation method and related equipment
WO2022246799A1 (en) 2021-05-28 2022-12-01 Citrix Systems, Inc. Systems and methods for configuring application software
CN114866247B (en) * 2022-04-18 2024-01-02 杭州海康威视数字技术股份有限公司 Communication method, device, system, terminal and server

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002103465A3 (en) * 2001-05-15 2004-01-08 Automated Power Exchange Inc Method and apparatus for bundling transmission rights and energy for trading
US6772229B1 (en) * 2000-11-13 2004-08-03 Groupserve, Inc. Centrifugal communication and collaboration method
CN1832414A (en) * 2005-03-04 2006-09-13 英飞凌科技股份公司 Method of providing a plurality of group communication service communication system, group communication service system and group
WO2007013614A1 (en) * 2005-07-28 2007-02-01 Kyocera Corporation Communication method, communication system, and communication terminal
CN101272358A (en) * 2008-05-05 2008-09-24 ***通信集团公司 Method, device and system for showing user group communication ability in instant communication
CN102136919A (en) * 2010-09-01 2011-07-27 华为技术有限公司 Group session realization method and device
CN102833692A (en) * 2011-06-15 2012-12-19 中兴通讯股份有限公司 Method and server for managing cluster in digital cluster system by user
CN103973541A (en) * 2013-01-29 2014-08-06 中兴通讯股份有限公司 Method and device for sending multimedia messages to group members
CN104573921A (en) * 2014-12-18 2015-04-29 四川联友电讯技术有限公司 Group-based task allocation method through enterprise mobile office system
CN109587044A (en) * 2019-01-22 2019-04-05 腾讯科技(深圳)有限公司 Group creating, method for message interaction and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110185008A1 (en) * 2010-01-28 2011-07-28 Phac Le Tuan Methods and Apparatus for Supporting and Implementing Multi-User Interactions Including Shared Display Devices

Also Published As

Publication number Publication date
CN110166577A (en) 2019-08-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant