QR-code scan login: the simplest implementation and how it works (will be removed if infringing)

Source: cnblogs.com/liyasong/p/saoma.html

Requirements Introduction

First, what is scan-to-login? Most people now have apps such as QQ, Taobao and Tmall on their phones, and the companies that develop these apps also run corresponding websites. To make logging in to those websites more convenient and more secure, these companies let users log in by scanning a code with their phone. The login page looks like this:

[Image: login page]

Many readers may find this rather magical: the page only shows a QR code, so how does it know which phone scanned the code, and how does it log that user in? What is more, once login completes, the page can show the user's information directly.

How it works

Web client + server

Next comes the detailed implementation of this service. First, the principle: when a user opens the website's login page, the browser sends the web server a request for a login QR code.

When the server receives the request, it generates a random uuid and stores it as a key in Redis with an expiration time; once the key expires, the login QR code must be refreshed and fetched again. The server also combines this key with the company's verification string and passes the result to a QR code generation interface to produce the QR code image (there are many online interfaces and ready-made source code for generating QR codes, so this is not described here). It then returns the QR code image and the uuid together to the user's browser.

After receiving the QR code and the uuid, the browser asks the web server once every second whether the login has succeeded. Each request carries the uuid as the identifier of the current page. Some readers will wonder at this point: the server only stored a uuid as a key in Redis, so where does the user's id come from?

The user's id does end up there: it is stored in Redis by the mobile side.

Mobile client + server

Once the browser has the QR code, it displays the code on the page and prompts the user: please take out your phone and open the scanner to log in. When the user scans the QR code with the phone, the phone obtains a piece of verification information and a uuid (there are many demos online for scanning a QR code to obtain a string, so this is not described in detail here).

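Because the mobile app is already logged in, every request it makes to the mobile server carries a user token, from which the mobile server can resolve the user's userId. (The value is taken from the token, rather than having the phone send the userid directly, for security: a userid sent directly could be intercepted and modified, whereas the token is encrypted, so the risk of modification is much smaller.)

The mobile app sends the parsed data together with the user token as parameters in a login-verification request to the server (the server here is the mobile server; the mobile server and the web server are not the same server). On receiving the request, the server first compares the verification information in the parameters to determine whether the request is for the user-login interface. If it is, the server returns a confirmation message to the phone.

On receiving the response, the phone shows the user a login confirmation dialog (this prevents accidental operations and makes the login more user-friendly). After the user confirms that they are logging in, the phone sends another request. Once the server has the uuid and the userId, it stores the user's userid as the value of the Redis key-value pair whose key is the uuid.

Login succeeds

Then, the next time the browser sends its request, the web server can obtain a user id, call the login method and generate a browser-side token; when the browser sends the request again, the user information is returned to the browser and the login succeeds. The user id is stored, rather than the user information itself, because the user information on the mobile side is not necessarily identical to the user information on the browser side.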
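The flow described above, sketched as an added example that is not code from the original post: a plain dict stands in for Redis with key expiry, and `QR_TTL_SECONDS`, `VERIFY_PREFIX`, the `sessions` token table and all function names are assumptions. Deleting the uuid on the first successful poll is an added hardening step that the post does not describe.

```python
import secrets
import time
import uuid

QR_TTL_SECONDS = 60                 # assumed expiry; the page gives no value
VERIFY_PREFIX = "example-login:"    # stand-in for the company's verification string

def _live(store, ticket, now):
    """Return the entry for ticket, dropping it first if it has expired (Redis does this itself)."""
    entry = store.get(ticket)
    if entry is not None and now >= entry["expires"]:
        del store[ticket]
        return None
    return entry

def web_new_qr(store, now=None):
    """Web server: create the uuid key with an expiry and the text to encode in the QR image."""
    now = time.time() if now is None else now
    ticket = str(uuid.uuid4())
    store[ticket] = {"user_id": None, "expires": now + QR_TTL_SECONDS}
    return ticket, VERIFY_PREFIX + ticket

def mobile_confirm(store, sessions, qr_text, mobile_token, now=None):
    """Mobile server: handle the second request, sent after the user confirms on the phone."""
    now = time.time() if now is None else now
    user_id = sessions.get(mobile_token)   # userId comes from the token, not a request parameter
    if user_id is None or not qr_text.startswith(VERIFY_PREFIX):
        return False
    entry = _live(store, qr_text[len(VERIFY_PREFIX):], now)
    if entry is None or entry["user_id"] is not None:   # unknown, expired or already bound
        return False
    entry["user_id"] = user_id             # value stored under the uuid key
    return True

def web_poll(store, ticket, now=None):
    """Web server: answer the browser's once-per-second poll for this uuid."""
    now = time.time() if now is None else now
    entry = _live(store, ticket, now)
    if entry is None:
        return {"status": "expired"}
    if entry["user_id"] is None:
        return {"status": "waiting"}
    del store[ticket]                      # added hardening: a confirmed uuid logs in only once
    web_token = secrets.token_urlsafe(32)  # browser-side token; real login logic is assumed
    return {"status": "ok", "user_id": entry["user_id"], "web_token": web_token}

if __name__ == "__main__":
    store, sessions = {}, {"tok-alice": "user-1001"}   # constructed sample session table
    ticket, qr_text = web_new_qr(store)
    print(web_poll(store, ticket))
    print(mobile_confirm(store, sessions, qr_text, "tok-alice"), web_poll(store, ticket)["status"])
```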

The login flow diagram is as follows:

[Image: login flow diagram]

(End)


Origin blog.csdn.net/qq_22167989/article/details/94592060