CN106209727A - A kind of session access method and apparatus - Google Patents


Info

Publication number
CN106209727A
Authority
CN
China
Prior art keywords
session
client
terminal information
terminal
access
Prior art date
Legal status
Granted
Application number
CN201510214169.1A
Other languages
Chinese (zh)
Other versions
CN106209727B (en)
Inventor
周志章
Current Assignee
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Priority to CN201510214169.1A
Publication of CN106209727A
Application granted
Publication of CN106209727B
Legal status: Active

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The present application provides a session access method and apparatus. The method includes: receiving a service access request sent by a client, the service access request including first terminal information of the terminal where the client is located and a session identifier identifying the service session accessed by the client; obtaining pre-stored second terminal information corresponding to the session identifier, and returning service access content to the client when the first terminal information is determined to be identical to the second terminal information. The application improves the security of application access.

Description

Session access method and device
Technical Field
The present application relates to network technologies, and in particular, to a session access method and apparatus.
Background
In a Browser/Server (B/S) internet application, when the server provides application data to the client corresponding to the browser, the data is generally authorized only to users with login rights, for the security of data access. Moreover, access to such an application uses a short-connection mode: the client must establish a session with the server every time it sends a data request, and carries a session identifier to maintain the access state of the same application. However, because the session identifier is stored on the client and can easily be copied, once it is copied to another terminal and used to request a session from the server, application access carries a security risk.
Disclosure of Invention
In view of this, the present application provides a session access method and apparatus, so as to improve security of application access.
Specifically, the method is realized through the following technical scheme:
in a first aspect, a session access method is provided, including:
receiving a service access request sent by a client, wherein the service access request comprises first terminal information of a terminal where the client is located and a session identifier for identifying a service session accessed by the client;
and obtaining second terminal information which is stored in advance and corresponds to the session identifier, and returning service access content to the client when the first terminal information is determined to be the same as the second terminal information.
In a second aspect, a session access apparatus is provided, including:
a request receiving module, configured to receive a service access request sent by a client, wherein the service access request comprises first terminal information of a terminal where the client is located and a session identifier for identifying a service session accessed by the client;
and the content feedback module is used for acquiring second terminal information which is stored in advance and corresponds to the session identifier, and returning service access content to the client when the first terminal information is determined to be the same as the second terminal information.
According to the session access method and apparatus, service access content is returned to the client only when the terminal sending the service access request is determined to be the same as the stored terminal, so that access to the same session from different terminals is avoided and application access security is improved.
Drawings
FIG. 1 is an access system for an Internet application shown in an exemplary embodiment of the present application;
FIG. 2 is a flow chart illustrating a method of session access according to an exemplary embodiment of the present application;
FIG. 3 is a flow chart illustrating another session access method according to an exemplary embodiment of the present application;
Fig. 4 is a block diagram of a session access apparatus according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
Fig. 1 illustrates an access system for an internet application in B/S mode, which may include a client 11 and a server 12; for example, the client is the Tmall (Tianmao) website opened in a browser running on a terminal 13, and the server 12 is the Tmall server corresponding to that website. The session access method and apparatus of the embodiments apply to communication between a client and a server, so the communication characteristics between the client 11 and the server 12 are first briefly described:
Still taking access by the Tmall client to the Tmall server as an example, the content displayed in the Tmall website on the browser may be provided by the server 12, and usually the server 12 only provides content to users with login authority, so a user registers on the Tmall website to obtain an account and a password.
After the account and password are obtained, access between the client and the server uses a short-connection mode. Specifically, the Tmall website may include links to a number of network resources, such as a clothing detail link or a merchant information link. The short-connection mode is characterised in that a session is established with the server every time the user clicks one link (equivalent to initiating a data request), and the session is released when the data request for that link completes; the next time a link on the Tmall website is clicked (equivalent to initiating a data request again), another session is established. These repeated session establishments make up the user's access to the Tmall website after logging in: from the time the user logs in to Tmall until the user quits, multiple data requests may be sent to the server and multiple sessions established.
For the above access process, the server records the access by allocating one session ID to the whole access, from the time the user logs in until the user logs out of Tmall; the multiple sessions within that access all carry the same session ID, so the server can determine from the session ID that these sessions all belong to one access by the same user. That is, when a user logs in to Tmall the server allocates a session ID to the user; during the user's access each data request creates a session carrying that session ID, and the server associates and records the access of this login according to the session ID, as one access by the same user to Tmall.
The session access method of the embodiments is used by the server to determine, every time a session is created after the user has logged in to Tmall, whether the user has access rights. Fig. 2 illustrates a session access method performed by the server, including:
201. receiving a service access request sent by a client, wherein the service access request comprises first terminal information of a terminal where the client is located and a session identifier for identifying a service session accessed by the client;
202. and obtaining second terminal information which is stored in advance and corresponds to the session identifier, and returning service access content to the client when the first terminal information is determined to be the same as the second terminal information.
The service access request in 201 is sent to the server 12 when, for example, the user clicks a resource link on the website after logging in to Tmall. The client may carry in the request terminal information of the terminal where it is located, for example the terminal 13 shown in fig. 1, on whose browser the Tmall website is running; the terminal information is, for example, network connection attribute information such as an IP address or MAC address, which is difficult to copy. The client also carries a session identifier in the service access request, which may be the session ID allocated by the server for the current access when the user first logged in to the Tmall website.
In 202, the server 12 may compare the terminal information carried in the service access request with the terminal information stored in advance for the session ID. The terminal information carried in the request may be called first terminal information and the locally stored terminal information second terminal information; the second terminal information may be recorded by the server when the session ID is allocated to the user. If the first terminal information is the same as the second terminal information, it may be determined that the access is initiated by the same terminal, and service access content, such as the data resource behind the corresponding website link, may be returned to the client.
With the session access method of fig. 2, the server can ensure that the terminal accessing the application stays the same and prevent the session ID from being copied between terminals. For example, when a user logs in to Tmall on the terminal 13, the server allocates a session ID for that access. If the user then accesses Tmall from another terminal, even as the same user with the same account and password, the server would normally terminate the authorization of this access once the terminal changed. But if the other terminal also carries the session ID, and the server judges access rights by the session ID alone, the user can still access after switching terminals, and such unrestricted access adds a potential security hazard. The server of this embodiment allows continued access only if, according to both the session ID and the terminal information, the terminal initiating the current session is the same as the terminal at the time the session was authorized, thereby ensuring access security.
Fig. 3 illustrates another flowchart of the server side processing session access, as shown in fig. 3, including:
301. receiving a session authorization request sent by the client;
for example, the user may enter an account and password on the Tmall website and submit them to the server for authentication in a session authorization request. The session authorization request may further include terminal information of the terminal where the client is located, which may be called second terminal information, such as the IP address of the terminal.
302. Storing the corresponding relation between the session identification and the second terminal information;
for example, after receiving the session authorization request in 301, the server verifies the account and the password, and after the verification is passed, allocates a session identifier for the access of the user, and stores a corresponding relationship between the session identifier and the second terminal information carried in the session authorization request.
303. Returning the authorized session identification to the client;
for example, the server returns the session ID assigned to the user to the client in this step.
304. Receiving a service access request sent by a client;
for example, after logging in to Tmall the user clicks a resource link on the website, initiating a service access request that carries the session ID allocated in 303 and also the terminal information of the terminal where the client is located, which may be called first terminal information.
305. Acquiring second terminal information which is stored in advance and corresponds to the session identifier, and determining that the first terminal information is the same as the second terminal information;
for example, the server uses the session ID received in 304 to look up the corresponding second terminal information and determines whether it is the same as the first terminal information. If they differ, the accessing terminal is not the terminal for which the server authorized the session ID, and access is refused; otherwise the flow continues to 306 and the access content is returned to the user.
306. And returning the service access content to the client.
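The server-side flow of steps 301 to 306 (and the check of steps 201 and 202), modelled in Python as an added example rather than code from the patent; the class and function names, the credential store and the sample terminal attributes are assumptions, and the terminal information is the IP and MAC attributes the text names.

```python
"""Server-side model of the session-to-terminal binding of steps 301-306.

Added example, not code from the patent: SessionServer, authorize, access
and the credential store are assumptions. Terminal information is modelled
as the network connection attributes the text names (IP address, MAC
address); all sample values are constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed credential store: account -> password. A real server would
# store salted password hashes; this is only sample data for the example.
ACCOUNTS = {"alice": "correct-horse"}


def terminal_fingerprint(terminal_info: dict) -> str:
    """Canonicalise the terminal attributes carried in a request.

    Keys are sorted and values lower-cased so that the same terminal
    always binds to the same value regardless of attribute order or
    MAC address letter case.
    """
    items = sorted((k, str(v).strip().lower()) for k, v in terminal_info.items())
    canonical = "|".join(f"{k}={v}" for k, v in items)
    return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass
class SessionServer:
    # session_id -> fingerprint of the "second terminal information"
    # recorded when the session was authorised (step 302).
    bindings: dict = field(default_factory=dict)

    def authorize(self, account: str, password: str, terminal_info: dict):
        """Steps 301-303: verify credentials, allocate a session ID, store the
        session-ID -> terminal-information mapping and return the ID."""
        expected = ACCOUNTS.get(account)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        session_id = secrets.token_urlsafe(32)
        self.bindings[session_id] = terminal_fingerprint(terminal_info)
        return session_id

    def access(self, session_id: str, terminal_info: dict):
        """Steps 304-306: look up the stored terminal information for the
        session ID and serve content only if the requesting terminal matches."""
        stored = self.bindings.get(session_id)
        if stored is None:
            return (403, "unknown session")
        presented = terminal_fingerprint(terminal_info)
        # Constant-time comparison of first vs. second terminal information.
        if not hmac.compare_digest(stored, presented):
            return (403, "session bound to a different terminal")
        return (200, "service access content")


def demo():
    """Legitimate access from the bound terminal, then a copied session ID
    presented from a different terminal, which must be refused."""
    server = SessionServer()
    terminal_a = {"ip": "198.51.100.10", "mac": "00:1A:2B:3C:4D:5E"}  # constructed
    terminal_b = {"ip": "203.0.113.7", "mac": "00:1a:2b:3c:4d:5f"}   # constructed
    sid = server.authorize("alice", "correct-horse", terminal_a)
    return {
        "same_terminal": server.access(sid, terminal_a),
        "copied_id_other_terminal": server.access(sid, terminal_b),
        "unknown_id": server.access("not-a-real-session", terminal_a),
        "bad_password": server.authorize("alice", "wrong", terminal_a),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In deployment a MAC address is not visible to a server beyond the local link and a client's IP address can change legitimately, so a mismatch is better handled by forcing re-authentication than by treating the whole login as compromised.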
In order to implement the session access method, an embodiment of the present application further provides a session access apparatus, which is applied to a server side, and as shown in fig. 4, the apparatus may include: a request receiving module 41 and a content feedback module 42; wherein,
a request receiving module 41, configured to receive a service access request sent by a client, where the service access request includes first terminal information of a terminal where the client is located and a session identifier for identifying the service session accessed by the client;
for example, the terminal information may include: network connection attribute information of the terminal. The network connection attribute information includes, for example: IP address or MAC address of the terminal.
And the content feedback module 42 is configured to acquire second terminal information corresponding to the session identifier, which is stored in advance, and return service access content to the client when it is determined that the first terminal information is the same as the second terminal information.
Further, the request receiving module 41 is further configured to receive a session authorization request sent by a client before receiving a service access request sent by the client, where the session authorization request includes the second terminal information;
the content feedback module 42 is further configured to return the authorized session identifier to the client, and store a corresponding relationship between the session identifier and the second terminal information.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (8)

1. A session access method, comprising:
receiving a service access request sent by a client, wherein the service access request comprises first terminal information of a terminal where the client is located and a session identifier for identifying a service session accessed by the client;
and obtaining second terminal information which is stored in advance and corresponds to the session identifier, and returning service access content to the client when the first terminal information is determined to be the same as the second terminal information.
2. The method of claim 1, further comprising, prior to receiving the service access request sent by the client:
receiving a session authorization request sent by the client, wherein the session authorization request comprises the second terminal information;
and returning the authorized session identification to the client, and storing the corresponding relation between the session identification and the second terminal information.
3. The method according to claim 1 or 2, wherein the terminal information comprises: network connection attribute information of the terminal.
4. The method of claim 3, wherein the network connection attribute information comprises: IP address or MAC address of the terminal.
5. A session access apparatus, comprising:
a request receiving module, configured to receive a service access request sent by a client, wherein the service access request comprises first terminal information of a terminal where the client is located and a session identifier for identifying a service session accessed by the client;
and the content feedback module is used for acquiring second terminal information which is stored in advance and corresponds to the session identifier, and returning service access content to the client when the first terminal information is determined to be the same as the second terminal information.
6. The apparatus of claim 5,
the request receiving module is further configured to receive a session authorization request sent by a client before receiving a service access request sent by the client, where the session authorization request includes the second terminal information;
the content feedback module is further configured to return the authorized session identifier to the client, and store a corresponding relationship between the session identifier and the second terminal information.
7. The apparatus according to claim 5 or 6, wherein the terminal information comprises: network connection attribute information of the terminal.
8. The apparatus of claim 7, wherein the network connection attribute information comprises: IP address or MAC address of the terminal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510214169.1A CN106209727B (en) 2015-04-29 2015-04-29 Session access method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510214169.1A CN106209727B (en) 2015-04-29 2015-04-29 Session access method and device

Publications (2)

Publication Number Publication Date
CN106209727A true CN106209727A (en) 2016-12-07
CN106209727B CN106209727B (en) 2020-09-01

Family

ID=57457572

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510214169.1A Active CN106209727B (en) 2015-04-29 2015-04-29 Session access method and device

Country Status (1)

Country Link
CN (1) CN106209727B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108390892A (en) * 2018-03-31 2018-08-10 北京联想核芯科技有限公司 A kind of control method and device of remote storage system secure access
CN111478909A (en) * 2020-04-09 2020-07-31 浪潮软件科技有限公司 Access processing method, server access method, server and self-service terminal
CN111552675A (en) * 2020-04-24 2020-08-18 北京达佳互联信息技术有限公司 Information query method and device, computer equipment and storage medium
CN112398783A (en) * 2019-08-15 2021-02-23 奇安信安全技术(珠海)有限公司 Security protection method and device for network sharing session
CN112948225A (en) * 2019-12-24 2021-06-11 深圳市明源云科技有限公司 Link monitoring method and device, monitoring equipment and storage medium
CN113127307A (en) * 2021-04-25 2021-07-16 北京大米科技有限公司 Method for processing tracing request, related device, system and storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1759558A (en) * 2003-03-10 2006-04-12 汤姆森特许公司 An identity mapping mechanism in wlan access control with public authentication servers
CN101754215A (en) * 2008-12-01 2010-06-23 华为技术有限公司 Authentication method and system
CN101873331A (en) * 2010-07-07 2010-10-27 中国工商银行股份有限公司 Safety authentication method and system
US20110225641A1 (en) * 2010-03-12 2011-09-15 Microsoft Corporation Token Request Troubleshooting
CN102523271A (en) * 2011-12-08 2012-06-27 华为技术有限公司 Terminal and communication method and system thereof
CN103051647A (en) * 2011-10-13 2013-04-17 阿里巴巴集团控股有限公司 Method, device and system for implementing session
US20130212290A1 (en) * 2012-02-10 2013-08-15 Empire Technology Development Llc Providing session identifiers
CN104135494A (en) * 2014-08-22 2014-11-05 北京京东尚科信息技术有限公司 Same-account incredible terminal login method and system based on credible terminal
CN104468464A (en) * 2013-09-12 2015-03-25 深圳市腾讯计算机系统有限公司 Authentication method, device and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
武汉厚溥教育科技有限公司: "JSP动态网站开发", 《JSP动态网站开发 *


Also Published As

Publication number Publication date
CN106209727B (en) 2020-09-01

Similar Documents

Publication Publication Date Title
CN101771532B (en) Method, device and system for realizing resource sharing
CN105007280B (en) A kind of application login method and device
EP3488590B1 (en) Securing ordered resource access
CN102195957B (en) Resource sharing method, device and system
CN105991614B (en) A method, device and server for open authorization and resource access
CN103051630B (en) Method, the Apparatus and system of third-party application mandate is realized based on open platform
CN110086768B (en) Service processing method and device
CN102710640B (en) Authorization requesting method, device and system
US10778668B2 (en) HTTP session validation module
CN104158818B (en) A kind of single-point logging method and system
CN103428179B (en) A kind of log in the method for many domain names website, system and device
CN111783067A (en) Automatic login method and device between multiple websites
CN106209727A (en) A kind of session access method and apparatus
CN106209749A (en) Single-point logging method and the processing method and processing device of device, relevant device and application
CN106657014B (en) Method, device and system for accessing data
US20170070486A1 (en) Server public key pinning by url
CN105337990A (en) User identity verification method and device
CN103384198A (en) User identity identification service method and system on basis of mailbox
CN112929388A (en) Network identity cross-device application rapid authentication method and system, and user agent device
JP2007310512A (en) Communication system, service providing server, and user authentication server
CN111786996A (en) Cross-domain synchronous login state method and device and cross-domain synchronous login system
CN102946396B (en) User agent's device, host web server and user authen method
CN111182537A (en) Network access method, device and system for mobile application
CN116248368B (en) Blockchain-based identity authentication method, system, device, and storage medium
CN111935151B (en) Cross-domain unified login method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1231271

Country of ref document: HK

GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200922

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200922

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.

TR01 Transfer of patent right