WO2016000425A1

WO2016000425A1 - Method and server for logging in to third-party site

Info

Publication number: WO2016000425A1
Application number: PCT/CN2014/094447
Authority: WO
Inventors: 朱建庭; 陈鹤童
Original assignee: 百度在线网络技术（北京）有限公司
Priority date: 2014-07-02
Filing date: 2014-12-19
Publication date: 2016-01-07
Also published as: CN104168262B; CN104168262A

Abstract

Provided are a method and device for logging in to a third-party site, the method comprising: receiving a request message sent by a traffic distribution entry product; obtaining application information of the third-party site according to the URL address and obtaining user information when logged in; encrypting according to an application key and the user information to obtain an encrypted string of user information; generating a new URL address according to the encrypted string of user information and the URL address of a third-party site page, and redirecting a browser to the new URL address, allowing the third-party site server to handle automatic user login to the third-party site. With the method, when clicking a link to visit a logged in third-party site on a traffic distribution entry product, a user can also be logged in to the third-party site without actively logging in, while still ensuring safety of the user information.

Description

登录第三方站点的方法和服务器How to log in to a third-party site and server

相关申请的交叉引用Cross-reference to related applications

本申请要求百度在线网络技术(北京)有限公司于2014年07月02日提交的、发明名称为“登录第三方站点的方法和服务器”的、中国专利申请号“201410313240.7”的优先权。This application claims the priority of the Chinese Patent Application No. "201410313240.7" filed on July 2, 2014 by Baidu Online Network Technology (Beijing) Co., Ltd., entitled "Method and Server for Logging In to Third Party Sites".

技术领域Technical field

本发明涉及通信技术领域，尤其涉及一种登录第三方站点的方法和服务器。The present invention relates to the field of communications technologies, and in particular, to a method and a server for logging in to a third-party site.

背景技术Background technique

用户可以通过流量分发入口产品访问第三方站点，流量分发入口产品包括搜索引擎或网址导航等产品。对于很多第三方站点，例如页游、购物、票务、团购等，为了获取真正有价值的服务，需要用户处于登录状态。当用户在流量分发入口产品上处于登录状态时，依然需要在第三方站点上进行登录。为了方便用户使用，需要实现用户在流量分发入口产品上处于登录状态时点击链接进入第三方站点时，无需主动登录就能够在该第三方站点上也处于登录状态。Users can access third-party sites through traffic distribution portal products, which include products such as search engines or URL navigation. For many third-party sites, such as page tours, shopping, ticketing, group purchases, etc., in order to obtain truly valuable services, users need to be logged in. When a user is logged in on the traffic distribution portal product, they still need to log in at the third-party site. In order to facilitate the user's use, it is required that when the user clicks on the link to enter the third-party site when the user is logged in on the traffic distribution portal product, the third-party site can be logged in without being actively logged in.

相关技术中，可以将流量分发入口产品上的用户登录会话共享给第三方站点，但是，这种方式由于将用户登录会话共享给第三方站点，存在很大的安全风险。In the related art, a user login session on a traffic distribution portal product can be shared with a third-party site. However, this method has a great security risk due to sharing a user login session to a third-party site.

发明内容Summary of the invention

本发明旨在至少在一定程度上解决相关技术中的技术问题之一。The present invention aims to solve at least one of the technical problems in the related art to some extent.

为此，本发明的一个目的在于提出一种登录第三方站点的方法，该方法可以实现用户在流量分发入口产品上处于登录状态时点击链接进入第三方站点时，无需主动登录就能够在该第三方站点上也处于登录状态，并保证用户信息的安全性。To this end, an object of the present invention is to provide a method for logging in to a third-party site, which can enable a user to click on a link to enter a third-party site when the user is logged in on the traffic distribution portal product, without being actively logged in, The three-party site is also logged in and ensures the security of user information.

本发明的另一个目的在于提出一种服务器。Another object of the present invention is to propose a server.

为达到上述目的，本发明第一方面实施例提出的登录第三方站点的方法，包括：接收流量分发入口产品发送的请求消息，所述请求消息中包含用户要访问的第三方站点页面的URL地址和用户在所述流量分发入口产品上的会话信息；根据所述URL地址获取第三方站点的应用信息，所述第三方站点的应用信息包括应用密钥，以及，根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，并在处于登录状态时，获取用户信息；根据所述应用密钥和所述用户信息进行加密处理，得到用户信息加密串；根据所述用户信息加密串和所述第三方站点页面的URL地址生成新的URL地址，并将浏览器重定向到所述新的URL地址上，以使第三方站点服务端根据所述新的URL地址获取所述用户信息加密串并在成功解密所述用户信息加密串后对所述用户进行自动登录所述第三方站点的处理。In order to achieve the above object, a method for logging in to a third-party site according to the first aspect of the present invention includes: receiving a request message sent by a traffic distribution portal product, where the request message includes a URL address of a third-party site page that the user wants to access. And the user information on the traffic distribution entry product; obtaining application information of the third-party site according to the URL address, the application information of the third-party site includes an application key, and determining, according to the session information, Whether the user is logged in on the traffic distribution portal product, and obtains the user when in the login state. Information; performing encryption processing according to the application key and the user information to obtain a user information encryption string; generating a new URL address according to the user information encryption string and the URL address of the third-party site page, and Redirecting to the new URL address, so that the third-party site server obtains the user information encryption string according to the new URL address and automatically logs the user after successfully decrypting the user information encryption string Processing of the third party site.

本发明第一方面实施例提出的登录第三方站点的方法，通过对用户信息进行加密处理，根据用户信息加密串和第三方站点页面的URL地址生成新的URL地址，对用户进行自动登录第三方站点的处理，实现用户在流量分发入口产品上处于登录状态时点击链接进入第三方站点时，无需主动登录就能够在该第三方站点上也处于登录状态，并且由于对用户信息进行了加密，可以保证用户信息的安全性。The method for logging in to a third-party site according to the embodiment of the first aspect of the present invention, by encrypting the user information, generating a new URL address according to the URL address of the user information encryption string and the third-party site page, and automatically logging in the third party to the user The processing of the site enables the user to click on the link to enter the third-party site when the user logs in on the traffic distribution portal product, and can also log in at the third-party site without active login, and since the user information is encrypted, Ensure the security of user information.

为达到上述目的，本发明第二方面实施例提出的登录第三方站点的方法，包括：接收浏览器被预设的第一服务端根据新的URL地址重定向后发送的页面请求，所述页面请求中包含新的URL地址，所述新的URL地址是所述第一服务端根据用户信息加密串和第三方站点页面的URL地址生成的，所述用户信息加密串是根据所述第三方站点的应用密钥和用户信息得到的，所述用户信息是用户在流量分发入口产品上处于登录状态时获取的；根据所述新的URL地址获取用户信息加密串；对所述用户信息加密串进行解密处理，并在成功解密后，对所述用户进行自动登录所述第三方站点的处理。In order to achieve the above object, a method for logging in to a third-party site according to the second aspect of the present invention includes: receiving a page request sent by a first server that is preset by a browser according to a new URL address, the page The request includes a new URL address, and the new URL address is generated by the first server according to the user information encryption string and the URL address of the third-party site page, and the user information encryption string is according to the third-party site. Obtained by the application key and the user information, the user information is obtained when the user is in the login state on the traffic distribution portal product; the user information encryption string is obtained according to the new URL address; and the user information encryption string is performed. Decryption processing, and after successful decryption, the user is automatically logged into the processing of the third party site.

本发明第二方面实施例提出的登录第三方站点的方法，通过接收新的URL地址，该新的URL地址是根据用户信息加密串和第三方站点页面的URL地址生成的，并从该新的URL地址中获取用户信息加密串以及进行解密，在解密后对相应的用户进行自动登录第三方站点的处理，实现用户在流量分发入口产品上处于登录状态时点击链接进入第三方站点时，无需主动登录就能够在该第三方站点上也处于登录状态，并且由于对用户信息进行了加密，可以保证用户信息的安全性。The method for logging in to a third-party site according to the second aspect of the present invention, by receiving a new URL address, the new URL address is generated according to the user information encryption string and the URL address of the third-party site page, and from the new Obtain the encrypted string of the user information in the URL address and decrypt it, and then automatically log in to the third-party site after the decryption, so that the user does not need to take the initiative when clicking the link to enter the third-party site when the user logs in on the traffic distribution portal product. The login can also be logged in on the third-party site, and the user information can be secured by encrypting the user information.

为达到上述目的，本发明第三方面实施例提出的服务器，包括：接收模块，用于接收流量分发入口产品发送的请求消息，所述请求消息中包含用户要访问的第三方站点页面的URL地址和用户在所述流量分发入口产品上的会话信息；获取模块，用于根据所述URL地址获取第三方站点的应用信息，所述第三方站点的应用信息包括应用密钥，以及，根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，并在处于登录状态时，获取用户信息；加密模块，用于根据所述应用密钥和所述用户信息进行加密处理，得到用户信息加密串；生成模块，用于根据所述用户信息加密串和所述第三方站点页面的URL地址生成新的URL地址，并将浏览器重定向到所述新的URL地址上，以使第三方站点服务端根据所述新的URL地址获取所述用户信息加密串并在成功解密所述用户信息加密串后对所述用户进行自动登录所述第三方站点的处理。To achieve the above objective, the server of the third aspect of the present invention includes: a receiving module, configured to receive a request message sent by a traffic distribution portal product, where the request message includes a URL address of a third-party site page that the user wants to access. And the user is configured to acquire the application information of the third-party site according to the URL address, where the application information of the third-party site includes an application key, and according to the The session information determines whether the user is in the login state on the traffic distribution portal product, and obtains the user information when the login state is in the login state; the encryption module is configured to perform encryption processing according to the application key and the user information, Obtaining a user information encryption string; a generating module, configured to generate a new URL address according to the user information encryption string and the URL address of the third-party site page, and redirect the browser to the new URL address, Having the third-party site server obtain the encrypted string of the user information according to the new URL address and successfully solve the problem The user information encryption string The user is then automatically logged into the processing of the third party site.

本发明第三方面实施例提出的服务器，通过接收流量分发入口产品发送的用户要访问的第三方站点页面的URL地址和用户在流量分发入口产品上的会话信息，对用户信息进行加密处理，根据用户信息加密串和第三方站点页面的URL地址生成新的URL地址，对用户进行自动登录第三方站点的处理，实现用户在流量分发入口产品上处于登录状态时点击链接进入第三方站点时，无需主动登录就能够在该第三方站点上也处于登录状态，并保证用户信息的安全性。The server of the third aspect of the present invention encrypts the user information by receiving the URL address of the third-party site page that the user sends the traffic distribution entry product and the session information of the user on the traffic distribution entry product, according to the encryption process. The user information encryption string and the URL address of the third-party site page generate a new URL address, and the user automatically logs in to the third-party site, so that when the user clicks on the link to enter the third-party site when the user logs in on the traffic distribution portal product, Active login can also be logged in at the third-party site and ensure the security of user information.

为达到上述目的，本发明第四方面实施例提出的服务器，包括：接收模块，用于接收浏览器被预设的第一服务端根据新的URL地址重定向后发送的页面请求，所述页面请求中包含新的URL地址，所述新的URL地址是所述第一服务端根据用户信息加密串和第三方站点页面的URL地址生成的，所述用户信息加密串是根据所述第三方站点的应用密钥和用户信息得到的，所述用户信息是用户在流量分发入口产品上处于登录状态时获取的；获取模块，用于根据所述新的URL地址获取用户信息加密串；解密模块，用于对所述用户信息加密串进行解密处理，并在成功解密后，对所述用户进行自动登录所述第三方站点的处理。In order to achieve the above objective, a server according to the fourth aspect of the present invention includes: a receiving module, configured to receive a page request sent by a first server that is preset by a browser according to a new URL address, the page The request includes a new URL address, and the new URL address is generated by the first server according to the user information encryption string and the URL address of the third-party site page, and the user information encryption string is according to the third-party site. Obtained by the application key and the user information, the user information is obtained when the user is in the login state on the traffic distribution portal product; the obtaining module is configured to obtain the user information encryption string according to the new URL address; the decryption module, And configured to perform decryption processing on the encrypted string of the user information, and after successfully decrypting, perform automatic processing on the user to log in to the third-party site.

本发明第四方面实施例提出的服务器，通过接收新的URL地址，该新的URL地址是根据用户信息加密串和第三方站点页面的URL地址生成的，并从该新的URL地址中获取用户信息加密串以及进行解密，在解密后对相应的用户进行自动登录第三方站点的处理，实现用户在流量分发入口产品上处于登录状态时点击链接进入第三方站点时，无需主动登录就能够在该第三方站点上也处于登录状态，并且由于对用户信息进行了加密，可以保证用户信息的安全性。The server according to the fourth aspect of the present invention is configured to receive a new URL address, and the new URL address is generated according to the user information encryption string and the URL address of the third-party site page, and obtain the user from the new URL address. The information is encrypted and decrypted, and the corresponding user is automatically logged into the third-party site after decryption, so that when the user clicks on the link to enter the third-party site when the user is logged in on the traffic distribution portal product, the active user can log in at the third-party site without active login. The third-party site is also logged in, and the user information is encrypted to ensure the security of the user information.

本发明实施例还提出了一种服务器，包括：一个或者多个处理器；存储器；一个或者多个程序，所述一个或者多个程序存储在所述存储器中，当被所述一个或者多个处理器执行时：执行如第一方面实施例任一项所述的方法。The embodiment of the invention further provides a server, comprising: one or more processors; a memory; one or more programs, wherein the one or more programs are stored in the memory when the one or more When the processor is executed: the method of any of the first aspect embodiments is performed.

本发明实施例还提出了一种服务器，包括：一个或者多个处理器；存储器；一个或者多个程序，所述一个或者多个程序存储在所述存储器中，当被所述一个或者多个处理器执行时：执行如第二方面实施例任一项所述的方法。The embodiment of the invention further provides a server, comprising: one or more processors; a memory; one or more programs, wherein the one or more programs are stored in the memory when the one or more When the processor is executed: the method of any of the embodiments of the second aspect is performed.

本发明实施例还提出了一种非易失性计算机存储介质，所述计算机存储介质存储有一个或者多个模块，当所述一个或者多个模块被一个执行时：执行如第一方面实施例任一项所述的方法。The embodiment of the present invention further provides a non-volatile computer storage medium, where the computer storage medium stores one or more modules, when the one or more modules are executed by one: performing the embodiment as the first aspect The method of any of the preceding claims.

本发明实施例还提出了一种非易失性计算机存储介质，所述计算机存储介质存储有一个或者多个模块，当所述一个或者多个模块被一个执行时：执行如第二方面实施例任一项所述的方法。 The embodiment of the present invention further provides a non-volatile computer storage medium, where the computer storage medium stores one or more modules, when the one or more modules are executed by one: performing the embodiment as the second aspect The method of any of the preceding claims.

本发明附加的方面和优点将在下面的描述中部分给出，部分将从下面的描述中变得明显，或通过本发明的实践了解到。The additional aspects and advantages of the invention will be set forth in part in the description which follows.

附图说明DRAWINGS

本发明上述的和/或附加的方面和优点从下面结合附图对实施例的描述中将变得明显和容易理解，其中：The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from

图1是本发明一实施例提出的登录第三方站点的方法的流程示意图；1 is a schematic flowchart of a method for logging in to a third-party site according to an embodiment of the present invention;

图2是本发明另一实施例提出的登录第三方站点的方法的流程示意图；2 is a schematic flowchart of a method for logging in to a third-party site according to another embodiment of the present invention;

图3是本发明另一实施例提出的登录第三方站点的方法的流程示意图；3 is a schematic flowchart of a method for logging in to a third-party site according to another embodiment of the present invention;

图4是本发明另一实施例提出的服务器的结构示意图；4 is a schematic structural diagram of a server according to another embodiment of the present invention;

图5是本发明另一实施例提出的服务器的结构示意图；FIG. 5 is a schematic structural diagram of a server according to another embodiment of the present invention; FIG.

图6是本发明另一实施例提出的服务器的结构示意图；6 is a schematic structural diagram of a server according to another embodiment of the present invention;

图7是本发明另一实施例提出的服务器的结构示意图。FIG. 7 is a schematic structural diagram of a server according to another embodiment of the present invention.

具体实施方式detailed description

下面详细描述本发明的实施例，所述实施例的示例在附图中示出，其中自始至终相同或类似的标号表示相同或类似的元件或具有相同或类似功能的元件。下面通过参考附图描述的实施例是示例性的，仅用于解释本发明，而不能理解为对本发明的限制。相反，本发明的实施例包括落入所附加权利要求书的精神和内涵范围内的所有变化、修改和等同物。The embodiments of the present invention are described in detail below, and the examples of the embodiments are illustrated in the drawings, wherein the same or similar reference numerals are used to refer to the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the accompanying drawings are intended to be illustrative of the invention and are not to be construed as limiting. Rather, the invention is to cover all modifications, modifications and equivalents within the spirit and scope of the appended claims.

图1是本发明实施例提出的登录第三方站点的方法的流程示意图，该方法包括：1 is a schematic flowchart of a method for logging in to a third-party site according to an embodiment of the present invention, where the method includes:

S11：接收流量分发入口产品发送的请求消息，所述请求消息中包含用户要访问的第三方站点页面的URL地址和用户在所述流量分发入口产品上的会话信息。S11: Receive a request message sent by the traffic distribution portal product, where the request message includes a URL address of a third-party site page that the user wants to access and session information of the user on the traffic distribution portal product.

其中，流量分发入口产品例如搜索引擎、网址导航等产品。第三方站点可以是web站点，例如页游、购物、票务以及团购类的站点。Among them, traffic distribution portal products such as search engines, website navigation and other products. Third-party sites can be web sites such as page tours, shopping, ticketing, and group buying sites.

本实施例的执行主体是设置的服务器，可以称为一号直达***服务端，用户可以在流量分发入口产品的页面中点击第三方站点的链接，触发流量分发入口产品向一号直达***服务端发送请求消息。The execution entity of this embodiment is a set server, which may be referred to as a No. 1 direct system server. The user may click the link of the third party site in the page of the traffic distribution portal product, and trigger the traffic distribution portal product to the No. 1 direct system server. Send a request message.

S12：根据所述URL地址获取第三方站点的应用信息，所述第三方站点的应用信息包括应用密钥，以及，根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，并在处于登录状态时，获取用户信息。S12: Obtain application information of the third-party site according to the URL address, where the application information of the third-party site includes an application key, and determine, according to the session information, whether the user is logged in on the traffic distribution portal product. Status, and get user information when they are logged in.

其中，一号直达***服务端可以根据URL地址的域名获取对应的第三方站点的应用信息。 The server of the first direct system can obtain the application information of the corresponding third-party site according to the domain name of the URL address.

第三方站点预先在一号直达***服务端进行注册，将域名和应用信息对应保存在一号直达***服务端的数据库中。应用信息包括但不限于应用ID、应用密钥以及是否开通权限等。The third-party site registers in advance on the first-line direct system server, and the domain name and application information are correspondingly stored in the database of the direct-system service. Application information includes, but is not limited to, an application ID, an application key, and whether or not a permission is granted.

一号直达***服务端可以从预先保存的第三方站点的注册信息中，获取与所述域名对应的第三方站点的应用信息。The first direct system server can obtain the application information of the third-party site corresponding to the domain name from the registration information of the pre-stored third-party site.

进一步，一号直达***服务端根据接收的请求消息中的会话信息判断用户在流量分发入口产品上是否处于登录状态。Further, the first direct system server determines whether the user is in the login state on the traffic distribution entry product according to the session information in the received request message.

可选的，如果会话信息是对用户在流量分发入口产品上的登录状态信息进行加密后得到的加密串，一号直达***服务端对会话信息进行解密处理，得到用户的登录状态信息。或者，Optionally, if the session information is an encrypted string obtained by encrypting the login status information of the user on the traffic distribution entry product, the first direct system server decrypts the session information to obtain the login status information of the user. or,

可选的，如果会话信息是ID，一号直达***服务端可以从数据库中获取与该ID对应的登录状态信息，并根据登录状态信息判断是否处于登录状态。Optionally, if the session information is an ID, the first direct server may obtain the login status information corresponding to the ID from the database, and determine whether the login status is based on the login status information.

S13：根据所述应用密钥和所述用户信息进行加密处理，得到用户信息加密串。S13: Perform encryption processing according to the application key and the user information to obtain a user information encryption string.

其中，一号直达***服务端以第三方站点的应用信息中包含的应用密钥为加密密钥，对步骤S12中获取的用户信息、当前***时间戳等数据进行加密处理，加密算法可以为对称加密算法，得到用户信息加密串。The first direct access system server encrypts the user information and the current system timestamp obtained in step S12 by using the application key included in the application information of the third-party site as an encryption key, and the encryption algorithm may be symmetric. The encryption algorithm obtains a string of user information encryption.

S14：根据所述用户信息加密串和所述第三方站点页面的URL地址生成新的URL地址，并将浏览器重定向到所述新的URL地址上，以使第三方站点服务端根据所述新的URL地址获取所述用户信息加密串并在成功解密所述用户信息加密串后对所述用户进行自动登录所述第三方站点的处理。S14: Generate a new URL address according to the user information encryption string and the URL address of the third-party site page, and redirect the browser to the new URL address, so that the third-party site server according to the The new URL address acquires the encrypted string of user information and automatically logs the user to the third-party site after successfully decrypting the encrypted string of user information.

其中，一号直达***服务端可以将加密串数据作为参数，附加到获取的用户点击的链接的URL地址上，得到新的URL地址。例如，第三方url为http://example.com，加密串为xxx，生成的新的url是将加密串当作url参数附加到第三方url上面去，例如，http://example.com？u＝xxx。The No. 1 direct system server can add the encrypted string data as a parameter to the obtained URL address of the link clicked by the user to obtain a new URL address. For example, the third-party url is http://example.com, the encrypted string is xxx, and the generated new url is to attach the encrypted string as a url parameter to the third-party url, for example, http://example.com? u=xxx.

一号直达***服务端还可以将浏览器重定向到所述新的URL地址上，第三方站点服务端对用户进行自动登录的处理，后续流程可以参见图2实施例。The first direct-access system server can also redirect the browser to the new URL address, and the third-party site server performs automatic login processing for the user. For the subsequent process, refer to the embodiment of FIG. 2.

本实施例通过对用户信息进行加密处理，根据用户信息加密串和第三方站点页面的URL地址生成新的URL地址，对用户进行自动登录第三方站点的处理，实现用户在流量分发入口产品上处于登录状态时点击链接进入第三方站点时，无需主动登录就能够在该第三方站点上也处于登录状态，并且由于对用户信息进行了加密，可以保证用户信息的安全性。In this embodiment, the user information is encrypted, and a new URL address is generated according to the URL of the user information encryption string and the third-party site page, and the user is automatically logged into the third-party site to implement the user's access to the traffic distribution portal product. When you click the link to enter the third-party site when you log in, you can log in to the third-party site without active login, and the user information can be encrypted to ensure the security of the user information.

图2是本发明另一实施例提出的登录第三方站点的方法的流程示意图，该方法包括：FIG. 2 is a schematic flowchart of a method for logging in to a third-party site according to another embodiment of the present invention, where the method includes:

S21：接收浏览器被预设的第一服务端根据新的URL地址重定向后发送的页面请求，所述页面请求中包含新的URL地址，所述新的URL地址是所述第一服务端根据用户信息加密串和第三方站点页面的URL地址生成的，所述用户信息加密串是根据所述第三方站点的应用密钥和用户信息得到的，所述用户信息是用户在流量分发入口产品上处于登录状态时获取的。S21: Receive a page request sent by the first server that is preset by the browser according to the new URL address. The page request includes a new URL address, and the new URL address is generated by the first server according to the user information encryption string and the URL address of the third-party site page, and the user information encryption string is according to the first Obtained by the application key and user information of the three-party site, the user information is obtained when the user is in the login state on the traffic distribution portal product.

其中，预设的第一服务端可以是一号直达***服务端。The preset first server may be the first direct server.

第三方站点服务端接收浏览器被预设的第一服务端根据新的URL地址重定向后发送的页面请求，所述页面请求中包含新的URL地址，从该新的URL地址参数中获取用户信息加密串。其中，第三方站点可以是web站点，例如页游、购物、票务以及团购类的站点。The third-party site server receives a page request sent by the first server that is preset by the browser according to the new URL address, and the page request includes a new URL address, and the user is obtained from the new URL address parameter. Information encryption string. Among them, the third-party site may be a web site, such as a page tour, shopping, ticketing, and group buying sites.

S22：根据所述新的URL地址获取用户信息加密串。S22: Acquire a user information encryption string according to the new URL address.

其中，第三方站点服务端读取该新的URL地址中附加的参数，并确定为用户信息加密串。The third-party site server reads the additional parameter in the new URL address and determines the encrypted string as the user information.

S23：对所述用户信息加密串进行解密处理，并在成功解密后，对所述用户进行自动登录所述第三方站点的处理。S23: Perform decryption processing on the encrypted string of user information, and after successfully decrypting, perform automatic processing on the third-party site for the user.

其中，第三方站点采用与本站点对应的应用密钥对获取的用户信息加密串进行解密处理，得到用户信息。The third-party site decrypts the obtained user information encryption string by using the application key corresponding to the site, and obtains the user information.

所述对所述用户进行自动登录所述第三方站点的处理，包括：The processing of automatically logging in to the third-party site by the user includes:

获取用户在所述第三方站点服务端中与所述用户信息对应的账户；Obtaining an account corresponding to the user information in the third-party site server of the user;

对所述账户进行自动登录处理，并通过浏览器向用户展示所述第三方站点服务端的登录状态下的页面。Performing automatic login processing on the account, and displaying the page in the login state of the third-party site server to the user through the browser.

其中，账户可以是账户名或者账户ID等。Among them, the account can be an account name or an account ID.

所述获取用户在所述第三方站点服务端中与所述用户信息对应的账户，包括：And obtaining, by the user, an account corresponding to the user information in the server of the third-party site, including:

判断在所述第三方站点服务端中是否存在与所述用户信息绑定的账号名；Determining whether there is an account name bound to the user information in the third-party site server;

如果存在，则将所述绑定的账户确定为与所述用户信息对应的账户；If yes, determining the bound account as an account corresponding to the user information;

如果不存在，自动注册一个与所述用户信息对应的账户。If it does not exist, an account corresponding to the user information is automatically registered.

本实施例通过接收新的URL地址，该新的URL地址是根据用户信息加密串和第三方站点页面的URL地址生成的，并从该新的URL地址中获取用户信息加密串以及进行解密，在解密后对相应的用户进行自动登录第三方站点的处理，实现用户在流量分发入口产品上处于登录状态时点击链接进入第三方站点时，无需主动登录就能够在该第三方站点上也处于登录状态，并且由于对用户信息进行了加密，可以保证用户信息的安全性。In this embodiment, by receiving a new URL address, the new URL address is generated according to the user information encryption string and the URL address of the third-party site page, and the user information encryption string is obtained from the new URL address and decrypted. After decryption, the corresponding user is automatically logged into the third-party site, so that when the user clicks on the link to enter the third-party site when the user is logged in on the traffic distribution portal product, the user can also log in at the third-party site without actively logging in. And because the user information is encrypted, the security of the user information can be guaranteed.

图3是本发明另一实施例提出的登录第三方站点的方法的流程示意图，该方法包括：3 is a schematic flowchart of a method for logging in to a third-party site according to another embodiment of the present invention, where the method includes:

S301：用户点击流量分发入口产品页面中的第三方站点的链接。S301: The user clicks on a link of a third-party site in the traffic distribution portal product page.

其中，流量分发入口产品例如搜索引擎、网址导航等产品。第三方站点可以是web站点，例如页游、购物、票务以及团购类的站点。Among them, traffic distribution portal products such as search engines, website navigation and other products. The third party site can be a web site Points, such as page tours, shopping, ticketing, and group buying sites.

S302：流量分发入口产品向一号直达***服务端发送请求消息，所述请求消息中包含用户要访问的第三方站点页面的URL地址和用户在所述流量分发入口产品上的会话信息。S302: The traffic distribution portal product sends a request message to the first-number direct system server, where the request message includes a URL address of a third-party site page that the user wants to access and session information of the user on the traffic distribution portal product.

用户可以在流量分发入口产品的页面中点击第三方站点的链接，触发流量分发入口产品向一号直达***服务端发送请求消息。The user can click the link of the third-party site in the page of the traffic distribution portal product to trigger the traffic distribution portal product to send a request message to the first direct-system server.

S303：一号直达***服务端从请求消息中获取第三方站点页面的URL地址。S303: The first direct system server obtains the URL address of the third-party site page from the request message.

S304：根据所述第三方站点页面的URL地址中的域名，获取所述第三方站点的应用信息。S304: Obtain application information of the third-party site according to the domain name in the URL address of the third-party site page.

第三方站点预先在一号直达***服务端进行注册，将第三方展现的URL地址的域名和第三方站点的应用信息对应保存在一号直达***服务端中。应用信息包括但不限于应用ID、应用密钥以及是否开通相关的权限等。The third-party site registers in advance on the first-line direct system server, and stores the domain name of the URL address displayed by the third party and the application information of the third-party site in the first-number direct system server. Application information includes, but is not limited to, an application ID, an application key, and whether or not related rights are enabled.

S305：根据请求消息中的会话信息，判断用户是否已经登录流量分发入口产品，如果否，执行S308，如果是，则执行S306。S305: Determine, according to the session information in the request message, whether the user has logged in to the traffic distribution entry product, if not, execute S308, and if yes, execute S306.

如果会话信息是对用户登录状态的加密信息，那么可以通过解密获取用户登录状态信息以确定用户是否登录。或者，If the session information is encrypted information about the user's login status, the user login status information can be obtained by decryption to determine whether the user is logged in. or,

如果会话信息是ID，则从保存的信息中获取ID对应的登录状态信息，以确定用户是否登录。If the session information is an ID, the login status information corresponding to the ID is obtained from the saved information to determine whether the user logs in.

S306：获取登录用户的基本信息。S306: Acquire basic information of the logged in user.

一号直达***服务端可以与流量分发入口产品使用同一套账户体系，在该账号体系下会记录每个用户的基本信息，因此，可以找到登录用户的基本信息。The No. 1 direct system server can use the same set of account system as the traffic distribution portal product. Under this account system, the basic information of each user is recorded, so the basic information of the logged-in user can be found.

基本信息包括但不限于用户ID、用户名等。Basic information includes, but is not limited to, a user ID, a username, and the like.

S307：根据应用信息中的权限信息，获取额外的用户信息。S307: Acquire additional user information according to the permission information in the application information.

例如，开通的权限信息包括获取授权码，则获取的额外用户信息可以包括授权码。For example, the opened permission information includes obtaining an authorization code, and the obtained additional user information may include an authorization code.

S308：根据应用密钥，对获取的用户信息进行加密处理，得到用户信息加密串。S308: Encrypt the obtained user information according to the application key to obtain a user information encryption string.

用户信息包括用户基本信息和额外用户信息，加密时可以对用户信息和***当前时间戳进行对称加密。User information includes user basic information and additional user information. When encrypting, the user information and the current time stamp of the system can be symmetrically encrypted.

S309：根据所述用户信息加密串和所述第三方站点页面的URL地址生成新的URL地址，将用户重定向到该新的URL上。S309: Generate a new URL address according to the user information encryption string and the URL address of the third-party site page, and redirect the user to the new URL.

用户信息加密串可以作为第三方站点页面的URL地址的参数，附加到该URL地址上，以重定向到第三方站点服务端。 The user information encryption string can be attached to the URL address as a parameter of the URL address of the third-party site page to be redirected to the third-party site server.

S310：第三方站点服务端从新的URL地址获取用户信息加密串，并进行解密。S310: The third-party site server obtains the encrypted string of user information from the new URL address and decrypts it.

第三方站点服务端可以从附件的参数中获取用户信息加密串，并对自身的应用密码进行解密。The third-party site server can obtain the user information encryption string from the parameters of the attachment and decrypt the application password of the user.

S311：判断解密后是否得到用户信息，如果是，执行S313，如果否，则执行S312。S311: It is judged whether the user information is obtained after decryption, if yes, execute S313, if no, execute S312.

由于登录用户在加密时会包括用户信息，否则不包括，因此，当解密时获取用户信息后可以确定用户在流量分发入口产品上处于登录状态，否则未登录。Since the logged-in user includes user information when encrypting, it is not included. Therefore, when the user information is obtained during decryption, it can be determined that the user is logged in on the traffic distribution entry product, otherwise, the user is not logged in.

S312：通过浏览器向用户展示第三方站点服务端的非登录状态下的页面。S312: Display, by the browser, the page in the non-login state of the third-party site server to the user.

S313：第三方站点服务端判断该用户信息是否已经与本账号***做绑定处理，如果是，执行S315，如果否，则执行S314。S313: The third-party site server determines whether the user information has been bound to the account system. If yes, execute S315. If no, execute S314.

其中，第三方站点服务端中可以预先记录绑定信息，通过预先记录的信息判断是否绑定。The third-party site server may pre-record the binding information, and determine whether the binding is performed by using the pre-recorded information.

S314：第三方站点服务端根据用户信息自动注册一个本账号***下的用户账号并与用户信息做绑定。S314: The third-party site server automatically registers a user account under the account system according to the user information and binds to the user information.

S315：第三方站点服务端根据解密得到的用户相关信息获取与之绑定的本账号***下的账号。S315: The third-party site server obtains the account under the account system bound to the user according to the decrypted user-related information.

S316：第三方站点服务端将所述本账号***下的用户账号做自动登录处理。S316: The third-party site server performs automatic login processing on the user account under the account system.

在登录处理后，可以通过浏览器向用户展示所述第三方站点服务端的登录状态下的页面。After the login process, the page in the login state of the third-party site server may be displayed to the user through the browser.

图4是本发明另一实施例提出的服务器的结构示意图，该服务器40包括接收模块41、获取模块42、加密模块43以及生成模块44。FIG. 4 is a schematic structural diagram of a server according to another embodiment of the present invention. The server 40 includes a receiving module 41, an obtaining module 42, an encryption module 43, and a generating module 44.

接收模块41用于接收流量分发入口产品发送的请求消息，所述请求消息中包含用户要访问的第三方站点页面的URL地址和用户在所述流量分发入口产品上的会话信息。The receiving module 41 is configured to receive a request message sent by the traffic distribution portal product, where the request message includes a URL address of a third-party site page that the user wants to access and session information of the user on the traffic distribution portal product.

获取模块42用于根据所述URL地址获取第三方站点的应用信息，所述第三方站点的应用信息包括应用密钥，以及，根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，并在处于登录状态时，获取用户信息。The obtaining module 42 is configured to obtain application information of a third-party site according to the URL address, where the third-party site should The usage information includes an application key, and determines, according to the session information, whether the user is in a login state on the traffic distribution portal product, and acquires user information when in the login state.

一个实施例中，所述获取模块42包括第一单元421，如图5所示，所述第一单元421用于根据所述URL地址获取第三方站点的应用信息，所述第一单元421具体用于获取所述URL地址中的域名；从预先保存的第三方站点的注册信息中，获取与所述域名对应的第三方站点的应用信息。In an embodiment, the obtaining module 42 includes a first unit 421. The first unit 421 is configured to acquire application information of a third-party site according to the URL address, where the first unit 421 is specific. The domain name in the URL address is obtained. The application information of the third-party site corresponding to the domain name is obtained from the registration information of the pre-stored third-party site.

其中，一号直达***服务端可以根据URL地址的域名获取对应的第三方站点的应用信息。The server of the first direct system can obtain the application information of the corresponding third-party site according to the domain name of the URL address.

另一个实施例中，所述获取模块42还包括第二单元422，如图5所示，所述第二单元422用于根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，所述第二单元422具体用于当所述会话信息是对所述用户在所述流量分发入口产品上的登录状态信息进行加密后得到的加密串时，对所述会话信息进行解密，得到所述登录状态信息，并根据所述登录状态信息判断是否处于登录状态；或者，In another embodiment, the obtaining module 42 further includes a second unit 422, as shown in FIG. 5, the second unit 422 is configured to determine, according to the session information, whether the user is on the traffic distribution portal product. In the login state, the second unit 422 is specifically configured to perform the session information when the session information is an encrypted string obtained by encrypting login status information of the user on the traffic distribution portal product. Decrypting, obtaining the login status information, and determining whether the login status is based on the login status information; or

当所述会话信息是ID时，从数据库中获取与所述ID对应的登录状态信息，并根据所述登录状态信息判断是否处于登录状态。When the session information is an ID, the login status information corresponding to the ID is obtained from the database, and it is determined whether the login status is in the login status according to the login status information.

另一个实施例中，所述第三方站点的应用信息还包括权限信息，所述获取模块还包括第三单元423，如图5所示，所述第三单元423用于获取用户信息，所述第三单元423具体用于从数据库中，获取与所述会话信息对应的账户信息；从所述账户信息中获取所述权限信息能够获取的用户信息。In another embodiment, the application information of the third-party site further includes the rights information, the acquiring module further includes a third unit 423, as shown in FIG. 5, the third unit 423 is configured to acquire user information, The third unit 423 is specifically configured to acquire account information corresponding to the session information from the database, and obtain user information that can be acquired by the rights information from the account information.

加密模块43用于根据所述应用密钥和所述用户信息进行加密处理，得到用户信息加密串。The encryption module 43 is configured to perform encryption processing according to the application key and the user information to obtain user information encryption. string.

一个实施例中，所述加密模块43具体用于采用所述应用密码，对所述用户信息和***当前时间进行对称加密。In an embodiment, the encryption module 43 is specifically configured to perform symmetric encryption on the user information and the current time of the system by using the application password.

生成模块44用于根据所述用户信息加密串和所述第三方站点页面的URL地址生成新的URL地址，并将浏览器重定向到所述新的URL地址上，以使第三方站点服务端根据所述新的URL地址获取所述用户信息加密串并在成功解密所述用户信息加密串后对所述用户进行自动登录所述第三方站点的处理。The generating module 44 is configured to generate a new URL address according to the user information encryption string and the URL address of the third-party site page, and redirect the browser to the new URL address, so that the third-party site server Obtaining the user information encryption string according to the new URL address and automatically logging the user to the third-party site after successfully decrypting the user information encryption string.

一个实施例中，所述生成模块44具体用于将所述用户信息加密串作为参数，附加到所述第三方站点页面的URL地址上，得到新的URL地址。In one embodiment, the generating module 44 is specifically configured to add the user information encrypted string as a parameter to the URL address of the third-party site page to obtain a new URL address.

本实施例的服务器可以具体是第一服务端，也就是一号直达***服务端，其具体内容可以参见上述对第一服务端的描述，在此不再赘述。The server in this embodiment may be specifically the first server, that is, the first server, and the specific content may be referred to the description of the first server, and details are not described herein.

图6是本发明另一实施例提出的服务器的结构示意图，该装置60包括接收模块61、获取模块62以及解密模块63。FIG. 6 is a schematic structural diagram of a server according to another embodiment of the present invention. The device 60 includes a receiving module 61, an obtaining module 62, and a decrypting module 63.

接收模块61用于接收浏览器被预设的第一服务端根据新的URL地址重定向后发送的页面请求，所述页面请求中包含新的URL地址，所述新的URL地址是所述第一服务端根据用户信息加密串和第三方站点页面的URL地址生成的，所述用户信息加密串是根据所述第三方站点的应用密钥和用户信息得到的，所述用户信息是用户在流量分发入口产品上处于登录状态时获取的。The receiving module 61 is configured to receive a page request sent by the first server that is preset by the browser according to the new URL address, where the page request includes a new URL address, and the new URL address is the first The server is generated according to the user information encryption string and the URL address of the third-party site page, and the user information encryption string is obtained according to the application key and the user information of the third-party site, where the user information is the traffic of the user. Obtained when the distribution portal product is logged in.

其中，预设的第一服务端可以是一号直达***服务端。 The preset first server may be the first direct server.

获取模块62用于根据所述新的URL地址获取用户信息加密串。The obtaining module 62 is configured to obtain a user information encryption string according to the new URL address.

一个实施例中，所述新的URL地址是将所述用户信息加密串作为参数，附加到所述第三方站点页面的URL地址上得到的，所述获取模块62具体用于读取所述新的URL地址中附加的参数，并确定为所述用户信息加密串。In an embodiment, the new URL address is obtained by adding the user information encryption string as a parameter to the URL address of the third-party site page, and the obtaining module 62 is specifically configured to read the new URL. An additional parameter in the URL address and determine the encrypted string for the user information.

解密模块63用于对所述用户信息加密串进行解密处理，并在成功解密后，对所述用户进行自动登录所述第三方站点的处理。The decryption module 63 is configured to perform decryption processing on the encrypted string of user information, and after successfully decrypting, perform automatic processing on the user to log in to the third-party site.

一个实施例中，所述解密模块63包括第一单元631，如图7所示，所述第一单元631具体用于采用所述第三方站点的应用密钥，对所述用户信息加密串进行解密处理，得到用户信息。In one embodiment, the decryption module 63 includes a first unit 631. As shown in FIG. 7, the first unit 631 is specifically configured to perform an encryption of the user information by using an application key of the third-party site. Decryption processing to obtain user information.

另一个实施例中，所述解密模块63还包括用于对所述用户进行自动登录所述第三方站点的处理的第二单元632，如图7所示，所述第二单元632具体用于获取用户在所述第三方站点服务端中与所述用户信息对应的账户；对所述账户进行自动登录处理，并通过浏览器向用户展示所述第三方站点服务端的登录状态下的页面。In another embodiment, the decryption module 63 further includes a second unit 632 for performing automatic processing on the user to the third-party site. As shown in FIG. 7, the second unit 632 is specifically used to Acquiring an account corresponding to the user information in the server of the third-party site; performing automatic login processing on the account, and displaying the page in the login state of the server of the third-party site to the user through a browser.

另一个实施例中，所述第二单元632进一步具体用于判断在所述第三方站点服务端中是否存在与所述用户信息绑定的账号名；如果存在，则将所述绑定的账户确定为与所述用户信息对应的账户；如果不存在，自动注册一个与所述用户信息对应的账户。In another embodiment, the second unit 632 is further specifically configured to determine whether an account name bound to the user information exists in the third-party site server; if yes, the bound account is It is determined as an account corresponding to the user information; if not, an account corresponding to the user information is automatically registered.

本实施例的服务器可以具体是第三方站点服务端，其具体内容可以参见上述对第三方站点服务端的描述，在此不再赘述。The server of this embodiment may be specifically a third-party site server. For details, refer to the description of the server of the third-party site, and details are not described herein.

本发明实施例还提出了一种服务器，包括：The embodiment of the invention further provides a server, including:

一个或者多个处理器； One or more processors;

存储器；Memory

一个或者多个程序，所述一个或者多个程序存储在所述存储器中，当被所述一个或者多个处理器执行时进行如下操作：One or more programs, the one or more programs being stored in the memory, and when executed by the one or more processors, do the following:

接收流量分发入口产品发送的请求消息，所述请求消息中包含用户要访问的第三方站点页面的URL地址和用户在所述流量分发入口产品上的会话信息；Receiving a request message sent by the traffic distribution portal product, where the request message includes a URL address of a third-party site page that the user wants to access and session information of the user on the traffic distribution portal product;

根据所述URL地址获取第三方站点的应用信息，所述第三方站点的应用信息包括应用密钥，以及，根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，并在处于登录状态时，获取用户信息；Obtaining application information of the third-party site according to the URL address, where the application information of the third-party site includes an application key, and determining, according to the session information, whether the user is in a login state on the traffic distribution portal product, And obtain user information when in the login state;

根据所述应用密钥和所述用户信息进行加密处理，得到用户信息加密串；Performing an encryption process according to the application key and the user information to obtain a user information encryption string;

根据所述用户信息加密串和所述第三方站点页面的URL地址生成新的URL地址，并将浏览器重定向到所述新的URL地址上，以使第三方站点服务端根据所述新的URL地址获取所述用户信息加密串并在成功解密所述用户信息加密串后对所述用户进行自动登录所述第三方站点的处理。Generating a new URL address according to the user information encryption string and the URL address of the third-party site page, and redirecting the browser to the new URL address, so that the third-party site server is based on the new The URL address acquires the encrypted string of the user information and automatically logs the user to the third-party site after successfully decrypting the encrypted string of the user information.

一个或者多个处理器；One or more processors;

存储器；Memory

接收浏览器被预设的第一服务端根据新的URL地址重定向后发送的页面请求，所述页面请求中包含新的URL地址，所述新的URL地址是所述第一服务端根据用户信息加密串和第三方站点页面的URL地址生成的，所述用户信息加密串是根据所述第三方站点的应用密钥和用户信息得到的，所述用户信息是用户在流量分发入口产品上处于登录状态时获取的；Receiving a page request sent by the first server that is preset by the browser according to the new URL address, where the page request includes a new URL address, and the new URL address is the first server according to the user. The information encryption string is generated according to the URL address of the third-party site page, and the user information encryption string is obtained according to the application key and the user information of the third-party site, where the user information is located on the traffic distribution portal product. Obtained when logging in to the state;

根据所述新的URL地址获取用户信息加密串；Obtaining a user information encryption string according to the new URL address;

对所述用户信息加密串进行解密处理，并在成功解密后，对所述用户进行自动登录所述第三方站点的处理。The user information encryption string is decrypted, and after successful decryption, the user is automatically logged into the third-party site.

本发明实施例还提出了一种非易失性计算机存储介质，其特征在于，所述计算机存储介质存储有一个或者多个模块，当所述一个或者多个模块被一个执行时：Embodiments of the present invention also provide a non-volatile computer storage medium, wherein the computer storage medium stores one or more modules when the one or more modules are executed by one:

根据所述URL地址获取第三方站点的应用信息，所述第三方站点的应用信息包括应用密钥，以及，根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，并在处于登录状态时，获取用户信息； Obtaining application information of the third-party site according to the URL address, where the application information of the third-party site includes an application key, and determining, according to the session information, whether the user is in a login state on the traffic distribution portal product, And obtain user information when in the login state;

需要说明的是，在本发明的描述中，术语“第一”、“第二”等仅用于描述目的，而不能理解为指示或暗示相对重要性。此外，在本发明的描述中，除非另有说明，“多个”的含义是两个或两个以上。It should be noted that in the description of the present invention, the terms "first", "second" and the like are used for descriptive purposes only, and are not to be construed as indicating or implying relative importance. Further, in the description of the present invention, the meaning of "a plurality" is two or more unless otherwise specified.

流程图中或在此以其他方式描述的任何过程或方法描述可以被理解为，表示包括一个或更多个用于实现特定逻辑功能或过程的步骤的可执行指令的代码的模块、片段或部分，并且本发明的优选实施方式的范围包括另外的实现，其中可以不按所示出或讨论的顺序，包括根据所涉及的功能按基本同时的方式或按相反的顺序，来执行功能，这应被本发明的实施例所属技术领域的技术人员所理解。Any process or method description in the flowcharts or otherwise described herein may be understood to represent a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a particular logical function or process. And the scope of the preferred embodiments of the invention includes additional implementations, in which the functions may be performed in a substantially simultaneous manner or in an opposite order depending on the functions involved, in the order shown or discussed. It will be understood by those skilled in the art to which the embodiments of the present invention pertain.

应当理解，本发明的各部分可以用硬件、软件、固件或它们的组合来实现。在上述实施方式中，多个步骤或方法可以用存储在存储器中且由合适的指令执行***执行的软件或固件来实现。例如，如果用硬件来实现，和在另一实施方式中一样，可用本领域公知的下列技术中的任一项或他们的组合来实现：具有用于对数据信号实现逻辑功能的逻辑门电路的离散逻辑电路，具有合适的组合逻辑门电路的专用集成电路，可编程门阵列(PGA)，现场可编程门阵列(FPGA)等。It should be understood that portions of the invention may be implemented in hardware, software, firmware or a combination thereof. In the above-described embodiments, multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, it can be implemented by any one or combination of the following techniques well known in the art: having logic gates for implementing logic functions on data signals. Discrete logic circuits, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.

本技术领域的普通技术人员可以理解实现上述实施例方法携带的全部或部分步骤是可以通过程序来指令相关的硬件完成，所述的程序可以存储于一种计算机可读存储介质中，该程序在执行时，包括方法实施例的步骤之一或其组合。One of ordinary skill in the art can understand that all or part of the steps carried by the method of implementing the above embodiments can be completed by a program to instruct related hardware, and the program can be stored in a computer readable storage medium. When executed, one or a combination of the steps of the method embodiments is included.

此外，在本发明各个实施例中的各功能单元可以集成在一个处理模块中，也可以是各个单元单独物理存在，也可以两个或两个以上单元集成在一个模块中。上述集成的模块既可以采用硬件的形式实现，也可以采用软件功能模块的形式实现。所述集成的模块如果以软件功能模块的形式实现并作为独立的产品销售或使用时，也可以存储在一个计算机可读取存储介质中。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing module, or may be each Units exist physically separately, or two or more units can be integrated into one module. The above integrated modules can be implemented in the form of hardware or in the form of software functional modules. The integrated modules, if implemented in the form of software functional modules and sold or used as stand-alone products, may also be stored in a computer readable storage medium.

上述提到的存储介质可以是只读存储器，磁盘或光盘等。The above mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.

在本说明书的描述中，参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本发明的至少一个实施例或示例中。在本说明书中，对上述术语的示意性表述不一定指的是相同的实施例或示例。而且，描述的具体特征、结构、材料或者特点可以在任何的一个或多个实施例或示例中以合适的方式结合。In the description of the present specification, the description with reference to the terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" and the like means a specific feature described in connection with the embodiment or example. A structure, material or feature is included in at least one embodiment or example of the invention. In the present specification, the schematic representation of the above terms does not necessarily mean the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.

尽管上面已经示出和描述了本发明的实施例，可以理解的是，上述实施例是示例性的，不能理解为对本发明的限制，本领域的普通技术人员在本发明的范围内可以对上述实施例进行变化、修改、替换和变型。 Although the embodiments of the present invention have been shown and described, it is understood that the above-described embodiments are illustrative and are not to be construed as limiting the scope of the invention. The embodiments are subject to variations, modifications, substitutions and variations.

Claims

一种登录第三方站点的方法，其特征在于，包括：A method for logging in to a third-party site, comprising:

接收流量分发入口产品发送的请求消息，所述请求消息中包含用户要访问的第三方站点页面的URL地址和用户在所述流量分发入口产品上的会话信息；Receiving a request message sent by the traffic distribution portal product, where the request message includes a URL address of a third-party site page that the user wants to access and session information of the user on the traffic distribution portal product;

根据所述URL地址获取第三方站点的应用信息，所述第三方站点的应用信息包括应用密钥，以及，根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，并在处于登录状态时，获取用户信息；Obtaining application information of the third-party site according to the URL address, where the application information of the third-party site includes an application key, and determining, according to the session information, whether the user is in a login state on the traffic distribution portal product, And obtain user information when in the login state;

根据所述应用密钥和所述用户信息进行加密处理，得到用户信息加密串；Performing an encryption process according to the application key and the user information to obtain a user information encryption string;

根据所述用户信息加密串和所述第三方站点页面的URL地址生成新的URL地址，并将浏览器重定向到所述新的URL地址上，以使第三方站点服务端根据所述新的URL地址获取所述用户信息加密串并在成功解密所述用户信息加密串后对所述用户进行自动登录所述第三方站点的处理。Generating a new URL address according to the user information encryption string and the URL address of the third-party site page, and redirecting the browser to the new URL address, so that the third-party site server is based on the new The URL address acquires the encrypted string of the user information and automatically logs the user to the third-party site after successfully decrypting the encrypted string of the user information.
根据权利要求1所述的方法，其特征在于，所述根据所述URL地址获取所述第三方站点的应用信息，包括：The method of claim 1, wherein the obtaining the application information of the third-party site according to the URL address comprises:

获取所述URL地址中的域名；Obtaining a domain name in the URL address;

从预先保存的第三方站点的注册信息中，获取与所述域名对应的第三方站点的应用信息。The application information of the third-party site corresponding to the domain name is obtained from the registration information of the pre-stored third-party site.
根据权利要求1-2任一项所述的方法，其特征在于，所述根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，包括：The method according to any one of claims 1-2, wherein the determining, according to the session information, whether the user is in a login state on the traffic distribution entry product comprises:

当所述会话信息是对所述用户在所述流量分发入口产品上的登录状态信息进行加密后得到的加密串时，对所述会话信息进行解密，得到所述登录状态信息，并根据所述登录状态信息判断是否处于登录状态；或者，When the session information is an encrypted string obtained by encrypting login status information of the user on the traffic distribution entry product, decrypting the session information to obtain the login status information, and according to the The login status information determines whether it is in the login state; or,

当所述会话信息是ID时，从数据库中获取与所述ID对应的登录状态信息，并根据所述登录状态信息判断是否处于登录状态。When the session information is an ID, the login status information corresponding to the ID is obtained from the database, and it is determined whether the login status is in the login status according to the login status information.
根据权利要求1-3任一项所述的方法，其特征在于，所述第三方站点的应用信息还包括权限信息，所述获取用户信息，包括：The method according to any one of claims 1-3, wherein the application information of the third-party site further includes rights information, and the obtaining user information includes:

从数据库中，获取与所述会话信息对应的账户信息；Obtaining, from the database, account information corresponding to the session information;

从所述账户信息中获取所述权限信息能够获取的用户信息。User information that can be obtained by the authority information is obtained from the account information.
根据权利要求4所述的方法，其特征在于，所述账户信息与所述用户在所述流量分发入口产品上的账户信息一致。The method of claim 4 wherein said account information is consistent with account information of said user on said traffic distribution portal product.
根据权利要求1-5任一项所述的方法，其特征在于，所述根据所述应用密钥和所述用户信息进行加密处理，包括：The method according to any one of claims 1 to 5, wherein said according to said application key and said User information is encrypted, including:

采用所述应用密码，对所述用户信息和***当前时间进行对称加密。The user information and the current time of the system are symmetrically encrypted by using the application password.
根据权利要求1-6任一项所述的方法，其特征在于，所述根据所述用户信息加密串和所述第三方站点页面的URL地址生成新的URL地址，包括：The method according to any one of claims 1-6, wherein the generating a new URL address according to the user information encryption string and the URL address of the third party site page comprises:

将所述用户信息加密串作为参数，附加到所述第三方站点页面的URL地址上，得到新的URL地址。Adding the user information encrypted string as a parameter to the URL address of the third-party site page to obtain a new URL address.
一种登录第三方站点的方法，其特征在于，包括：A method for logging in to a third-party site, comprising:

接收浏览器被预设的第一服务端根据新的URL地址重定向后发送的页面请求，所述页面请求中包含新的URL地址，所述新的URL地址是所述第一服务端根据用户信息加密串和第三方站点页面的URL地址生成的，所述用户信息加密串是根据所述第三方站点的应用密钥和用户信息得到的，所述用户信息是用户在流量分发入口产品上处于登录状态时获取的；Receiving a page request sent by the first server that is preset by the browser according to the new URL address, where the page request includes a new URL address, and the new URL address is the first server according to the user. The information encryption string is generated according to the URL address of the third-party site page, and the user information encryption string is obtained according to the application key and the user information of the third-party site, where the user information is located on the traffic distribution portal product. Obtained when logging in to the state;

根据所述新的URL地址获取用户信息加密串；Obtaining a user information encryption string according to the new URL address;

对所述用户信息加密串进行解密处理，并在成功解密后，对所述用户进行自动登录所述第三方站点的处理。The user information encryption string is decrypted, and after successful decryption, the user is automatically logged into the third-party site.
根据权利要求8所述的方法，其特征在于，所述新的URL地址是将所述用户信息加密串作为参数，附加到所述第三方站点页面的URL地址上得到的，所述根据所述新的URL地址获取用户信息加密串，包括：The method according to claim 8, wherein the new URL address is obtained by adding the user information encrypted string as a parameter to a URL address of the third-party site page, according to the The new URL address gets the encrypted string of user information, including:

读取所述新的URL地址中附加的参数，并确定为所述用户信息加密串。Reading the additional parameters in the new URL address and determining to encrypt the string for the user information.
根据权利要求8-9任一项所述的方法，其特征在于，所述对所述用户信息加密串进行解密处理，包括：The method according to any one of claims 8-9, wherein the decrypting the encrypted string of user information comprises:

采用所述第三方站点的应用密钥，对所述用户信息加密串进行解密处理，得到用户信息。The user information encryption string is decrypted by using the application key of the third-party site to obtain user information.
根据权利要求10所述的方法，其特征在于，所述对所述用户进行自动登录所述第三方站点的处理，包括：The method according to claim 10, wherein the processing of automatically logging in to the third-party site by the user comprises:

获取用户在所述第三方站点服务端中与所述用户信息对应的账户；Obtaining an account corresponding to the user information in the third-party site server of the user;

对所述账户进行自动登录处理，并通过浏览器向用户展示所述第三方站点服务端的登录状态下的页面。Performing automatic login processing on the account, and displaying the page in the login state of the third-party site server to the user through the browser.
根据权利要求11所述的方法，其特征在于，所述获取用户在所述第三方站点服务端中与所述用户信息对应的账户，包括：The method according to claim 11, wherein the obtaining an account corresponding to the user information in the server of the third-party site comprises:

判断在所述第三方站点服务端中是否存在与所述用户信息绑定的账号名；Determining whether there is an account name bound to the user information in the third-party site server;

如果存在，则将所述绑定的账户确定为与所述用户信息对应的账户；If yes, determining the bound account as an account corresponding to the user information;

如果不存在，自动注册一个与所述用户信息对应的账户。 If it does not exist, an account corresponding to the user information is automatically registered.
一种服务器，其特征在于，包括：A server, comprising:

接收模块，用于接收流量分发入口产品发送的请求消息，所述请求消息中包含用户要访问的第三方站点页面的URL地址和用户在所述流量分发入口产品上的会话信息；a receiving module, configured to receive a request message sent by the traffic distribution portal product, where the request message includes a URL address of a third-party site page that the user wants to access, and session information of the user on the traffic distribution portal product;

获取模块，用于根据所述URL地址获取第三方站点的应用信息，所述第三方站点的应用信息包括应用密钥，以及，根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，并在处于登录状态时，获取用户信息；An obtaining module, configured to acquire application information of a third-party site according to the URL address, where application information of the third-party site includes an application key, and determining, according to the session information, that the user is on the traffic distribution portal product Whether it is in the login state and obtain user information when it is in the login state;

加密模块，用于根据所述应用密钥和所述用户信息进行加密处理，得到用户信息加密串；An encryption module, configured to perform encryption processing according to the application key and the user information, to obtain a user information encryption string;

生成模块，用于根据所述用户信息加密串和所述第三方站点页面的URL地址生成新的URL地址，并将浏览器重定向到所述新的URL地址上，以使第三方站点服务端根据所述新的URL地址获取所述用户信息加密串并在成功解密所述用户信息加密串后对所述用户进行自动登录所述第三方站点的处理。a generating module, configured to generate a new URL address according to the user information encryption string and the URL address of the third-party site page, and redirect the browser to the new URL address, so that the third-party site server Obtaining the user information encryption string according to the new URL address and automatically logging the user to the third-party site after successfully decrypting the user information encryption string.
根据权利要求13所述的服务器，其特征在于，所述获取模块包括第一单元，所述第一单元用于根据所述URL地址获取第三方站点的应用信息，所述第一单元具体用于：The server according to claim 13, wherein the obtaining module comprises a first unit, wherein the first unit is configured to acquire application information of a third-party site according to the URL address, where the first unit is specifically used for :

获取所述URL地址中的域名；Obtaining a domain name in the URL address;

从预先保存的第三方站点的注册信息中，获取与所述域名对应的第三方站点的应用信息。The application information of the third-party site corresponding to the domain name is obtained from the registration information of the pre-stored third-party site.
根据权利要求13-14任一项所述的服务器，其特征在于，所述获取模块还包括第二单元，所述第二单元用于根据所述会话信息判断所述用户在所述流量分发入口产品上是否处于登录状态，所述第二单元具体用于：The server according to any one of claims 13 to 14, wherein the obtaining module further comprises a second unit, wherein the second unit is configured to determine, according to the session information, that the user is in the traffic distribution portal Whether the product is in the login state, the second unit is specifically used to:

当所述会话信息是对所述用户在所述流量分发入口产品上的登录状态信息进行加密后得到的加密串时，对所述会话信息进行解密，得到所述登录状态信息，并根据所述登录状态信息判断是否处于登录状态；或者，When the session information is an encrypted string obtained by encrypting login status information of the user on the traffic distribution entry product, decrypting the session information to obtain the login status information, and according to the The login status information determines whether it is in the login state; or,

当所述会话信息是ID时，从数据库中获取与所述ID对应的登录状态信息，并根据所述登录状态信息判断是否处于登录状态。When the session information is an ID, the login status information corresponding to the ID is obtained from the database, and it is determined whether the login status is in the login status according to the login status information.
根据权利要求13-15任一项所述的服务器，其特征在于，所述第三方站点的应用信息还包括权限信息，所述获取模块还包括第三单元，所述第三单元用于获取用户信息，所述第三单元具体用于：The server according to any one of claims 13 to 15, wherein the application information of the third-party site further includes rights information, the acquiring module further includes a third unit, and the third unit is configured to acquire a user. Information, the third unit is specifically used to:

从数据库中，获取与所述会话信息对应的账户信息；Obtaining, from the database, account information corresponding to the session information;

从所述账户信息中获取所述权限信息能够获取的用户信息。User information that can be obtained by the authority information is obtained from the account information.
根据权利要求16所述的服务器，其特征在于，所述账户信息与所述用户在所述流量分发入口产品上的账户信息一致。 The server according to claim 16, wherein said account information is consistent with account information of said user on said traffic distribution portal product.
根据权利要求13-17任一项所述的服务器，其特征在于，所述加密模块具体用于：The server according to any one of claims 13-17, wherein the encryption module is specifically configured to:

采用所述应用密码，对所述用户信息和***当前时间进行对称加密。The user information and the current time of the system are symmetrically encrypted by using the application password.
根据权利要求13-18任一项所述的服务器，其特征在于，所述生成模块具体用于：The server according to any one of claims 13 to 18, wherein the generating module is specifically configured to:

将所述用户信息加密串作为参数，附加到所述第三方站点页面的URL地址上，得到新的URL地址。Adding the user information encrypted string as a parameter to the URL address of the third-party site page to obtain a new URL address.
一种服务器，其特征在于，包括：A server, comprising:

接收模块，用于接收浏览器被预设的第一服务端根据新的URL地址重定向后发送的页面请求，所述页面请求中包含新的URL地址，所述新的URL地址是所述第一服务端根据用户信息加密串和第三方站点页面的URL地址生成的，所述用户信息加密串是根据所述第三方站点的应用密钥和用户信息得到的，所述用户信息是用户在流量分发入口产品上处于登录状态时获取的；a receiving module, configured to receive a page request sent by the first server that is preset by the browser according to the new URL address, where the page request includes a new URL address, and the new URL address is the first The server is generated according to the user information encryption string and the URL address of the third-party site page, and the user information encryption string is obtained according to the application key and the user information of the third-party site, where the user information is the traffic of the user. Obtained when the distribution portal product is logged in;

获取模块，用于根据所述新的URL地址获取用户信息加密串；An obtaining module, configured to obtain a user information encryption string according to the new URL address;

解密模块，用于对所述用户信息加密串进行解密处理，并在成功解密后，对所述用户进行自动登录所述第三方站点的处理。The decryption module is configured to perform decryption processing on the encrypted string of the user information, and after successfully decrypting, perform automatic processing on the third-party site for the user.
根据权利要求20所述的服务器，其特征在于，所述新的URL地址是将所述用户信息加密串作为参数，附加到所述第三方站点页面的URL地址上得到的，所述获取模块具体用于：The server according to claim 20, wherein the new URL address is obtained by adding the user information encrypted string as a parameter to a URL address of the third-party site page, and the obtaining module is specific. Used for:

读取所述新的URL地址中附加的参数，并确定为所述用户信息加密串。Reading the additional parameters in the new URL address and determining to encrypt the string for the user information.
根据权利要求20-21任一项所述的服务器，其特征在于，所述解密模块包括用于对所述用户信息加密串进行解密处理的第一单元，所述第一单元具体用于：The server according to any one of claims 20 to 21, wherein the decryption module comprises a first unit for performing decryption processing on the encrypted string of user information, the first unit being specifically configured to:

采用所述第三方站点的应用密钥，对所述用户信息加密串进行解密处理，得到用户信息。The user information encryption string is decrypted by using the application key of the third-party site to obtain user information.
根据权利要求22所述的服务器，其特征在于，所述解密模块还包括用于对所述用户进行自动登录所述第三方站点的处理的第二单元，所述第二单元具体用于：The server according to claim 22, wherein the decryption module further comprises a second unit for performing a process of automatically logging the third-party site to the user, the second unit being specifically configured to:

获取用户在所述第三方站点服务端中与所述用户信息对应的账户；Obtaining an account corresponding to the user information in the third-party site server of the user;

对所述账户进行自动登录处理，并通过浏览器向用户展示所述第三方站点服务端的登录状态下的页面。Performing automatic login processing on the account, and displaying the page in the login state of the third-party site server to the user through the browser.
根据权利要求23所述的服务器，其特征在于，所述第二单元进一步具体用于：The server according to claim 23, wherein the second unit is further specifically configured to:

判断在所述第三方站点服务端中是否存在与所述用户信息绑定的账号名；Determining whether there is an account name bound to the user information in the third-party site server;

如果存在，则将所述绑定的账户确定为与所述用户信息对应的账户；If yes, determining the bound account as an account corresponding to the user information;

如果不存在，自动注册一个与所述用户信息对应的账户。If it does not exist, an account corresponding to the user information is automatically registered.
一种服务器，其特征在于，包括： A server, comprising:

一个或者多个处理器；One or more processors;

存储器；Memory

一个或者多个程序，所述一个或者多个程序存储在所述存储器中，当被所述一个或者多个处理器执行时：One or more programs, the one or more programs being stored in the memory, when executed by the one or more processors:

执行如权利要求1-7任一项所述的方法。Performing the method of any of claims 1-7.
一种服务器，其特征在于，包括：A server, comprising:

一个或者多个处理器；One or more processors;

存储器；Memory

一个或者多个程序，所述一个或者多个程序存储在所述存储器中，当被所述一个或者多个处理器执行时：One or more programs, the one or more programs being stored in the memory, when executed by the one or more processors:

执行如权利要求8-12任一项所述的方法。Performing the method of any of claims 8-12.
一种非易失性计算机存储介质，其特征在于，所述计算机存储介质存储有一个或者多个模块，当所述一个或者多个模块被一个执行时：A non-volatile computer storage medium characterized in that the computer storage medium stores one or more modules when the one or more modules are executed by one:

执行如权利要求1-7任一项所述的方法。Performing the method of any of claims 1-7.
一种非易失性计算机存储介质，其特征在于，所述计算机存储介质存储有一个或者多个模块，当所述一个或者多个模块被一个执行时：执行如权利要求8-12任一项所述的方法。 A non-volatile computer storage medium, characterized in that the computer storage medium stores one or more modules, when the one or more modules are executed by one: performing any one of claims 8-12 Said method.