question:
Recently I encountered a sign-in problem at work. In fact, this is not a high concurrency problem, nor is it a problem of CSRF forged requests, but it is similar to these two points. In conclusion, it is aimed at users to prevent repetition in a short time. The problem of brushing requests is actually a single-user concurrency problem, so how to implement it?
answer:
Idea 1, how do we solve the CSRF problem? Generally, the timestamp, Appkey, and AppSecret are used to generate the token. After the predetermined time, the request cannot be used. If this strategy is used to solve this problem, it will definitely not work, because the general timestamp expiration time must be in minutes, and the check-in is generally in seconds, and multiple check-in requests can be generated within one second.
The second idea is to create a ConcurrentHashMap to control user access. But with multiple nodes, the synchronization of memory is the first problem.
Object signObj = concurrentHashMap.get("username");
if(null == signObj) {
signObj = concurrentHashMap.putIfAbsent("username", new Object());
if(null != signObj) {
doSign();
concurrentHashMap.remove("username");
}
}
The third idea is that the current implementation is implemented by Cache. The idea is actually similar. Maybe the cache will be a little faster and set the timeout time.
//Prevent repeated processing, if there is data, return false
// Even if it fails, the request cannot be retried for a minute
boolean succ = setCacheDataIfNotExist(accountId +
"-" + sourceType, accountId + "|" + sourceType, 60 * 1000);
if(!succ){
LogConstant.runLog.info("User sign repeatly! accountId : " + accountId + " ip : " + ip + " sourceType: " + sourceType);
return -1;
}
dosign();