WO2017124922A1 - Method and device for cross-domain system login verification - Google Patents
- Publication number: WO2017124922A1 (PCT/CN2017/070228)
- Authority: WO, WIPO (PCT)
Classifications
- H04L9/40 — Network security protocols (H04L9/00 — Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols)
- H04L67/02 — Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] (H04L67/00 — Network arrangements or protocols for supporting network services or applications)
- H04L63/08 — Network architectures or network communication protocols for network security for authentication of entities (H04L63/00 — Network architectures or network communication protocols for network security)
Definitions
- the present invention relates to the field of computer technologies, and in particular, to a method and apparatus for cross-domain system login verification.
- a primary station is a system consisting of many different sub-sites.
- the primary station and its sub-station can have the same domain name or different domain names.
- the primary station system has a unified user login entry. After the user logs in to the primary station, the system generates a login identifier for each user.
- the secondary site determines whether the user logs in and obtains user information based on the login identifier.
- when judging the legality of the user's identity, the client usually writes a cookie that is used for verification.
- the specific method is: the user logs in and a unique identifier SID (Security Identifier) is generated; the SID is encrypted and then written to the client cookie.
- the system obtains the encrypted string in the client cookie for verification; if the verification passes, the page is displayed, and if the verification fails, the system jumps to the login page.
- the legality verification can be performed normally when the domain name of the primary station and the substation are the same, and when the domain names of the primary station and the substation are different, the identity legality verification cannot be performed, and some user information security problems are brought about.
- cookies cannot be shared between different domain names. For example, an application under the domain name b.aa.com cannot access a cookie under the c.aa.com domain name. Then, using the above method, as long as the verification SID is valid, it is determined that the user has logged into the system, and the validity of the user identity cannot be verified, so that all authenticated users cannot be guaranteed to be legitimate users. For example, the sub-site will determine whether the user logs in and obtains the user information according to the SID identifier.
- when the A user logs in and shares the sub-site page link with the B user, the B user obtains the login ID of the A user and can use this login ID to operate as the A user; if the B user is not a legitimate user, the information of the A user will be leaked.
- the present invention provides a cross-domain system login verification method and device, which can verify the validity of a user identity in a sub-site, and prevent the SID identifier from being stolen, thereby ensuring user information security under the sub-station.
- a method of cross-domain system login verification is provided.
- a cross-domain system login verification method includes: receiving a request sent by a client, and determining whether the parameter of the request includes a unique identifier; if the parameter of the request includes the unique identifier, obtaining the first verification parameter and the second verification parameter according to the unique identifier, and determining whether the first verification parameter and the second verification parameter match, wherein the first verification parameter is located at the client and the second verification parameter is located at the server; if the first verification parameter and the second verification parameter match, obtaining the login status of the user from the server according to the unique identifier, and determining whether the login status is login success; if the login status is login success, the login verification is passed.
- if the parameter of the request does not include the unique identifier, the login verification fails.
- if the first verification parameter and the second verification parameter do not match, the login verification fails.
- if the login status is not login success, the login verification fails.
- the first verification parameter and the second verification parameter match when: both are present and the related fields in the first verification parameter and the second verification parameter are the same; or neither the first verification parameter nor the second verification parameter is present. The first verification parameter and the second verification parameter do not match when: both are present but the related fields in the first verification parameter and the second verification parameter are not the same; or only one of the first verification parameter and the second verification parameter exists.
- if neither the first verification parameter nor the second verification parameter is present, the method further includes: generating a matched first verification parameter and second verification parameter, saving the generated first verification parameter on the client, and saving the generated second verification parameter on the server.
- an apparatus for cross-domain system login verification is provided.
- an apparatus for cross-domain system login verification comprises: a user request receiving module, configured to receive a request sent by a client and determine whether the parameter of the request includes a unique identifier; a parameter matching judging module, configured to obtain the first verification parameter and the second verification parameter according to the unique identifier and determine whether the first verification parameter and the second verification parameter match, wherein the first verification parameter is located at the client and the second verification parameter is located at the server; and a login status determination module, configured to obtain the login status of the user from the server according to the unique identifier if the first verification parameter and the second verification parameter match, and determine whether the login status is login success.
- the user login verification module is configured to: if the login status is successful, the login verification is passed.
- the user login verification module is further configured to: if the unique identifier is not included in the requested parameter, the login verification fails.
- the user login verification module is further configured to: if the first verification parameter and the second verification parameter do not match, the login verification fails.
- the user login verification module is further configured to: if the login status is not successful, the login verification fails.
- the first verification parameter and the second verification parameter match when: both are present and the related fields in the first verification parameter and the second verification parameter are the same; or neither of them is present. They do not match when: both are present but the related fields in the first verification parameter and the second verification parameter are different; or only one of the first verification parameter and the second verification parameter exists.
- the apparatus further includes: a verification parameter generating module, configured to generate a matching first verification parameter and second verification parameter if neither the first verification parameter nor the second verification parameter is present, save the generated first verification parameter in the client, and save the generated second verification parameter in the server.
- the technical solution of the present invention introduces two verification parameters: one verification parameter is saved in the cookie of the client and the other verification parameter is saved in the cache of the server, and the verification result obtained by comparing the two introduced verification parameters determines whether the user is legitimate or has logged in successfully.
- the technical solution of the present invention can solve the problem of verifying the validity of the user identity of a cross-domain name subsystem: it can verify the legality of the user identity in the sub-site, prevent the SID identifier from being stolen, and ensure the security of user information under the sub-station.
- FIG. 1 is a schematic diagram of main steps of a method for cross-domain system login verification according to an embodiment of the present invention.
- FIG. 2 is a schematic diagram of main modules of an apparatus for cross-domain system login verification according to an embodiment of the present invention.
- FIG. 3 is a schematic flowchart of a method for implementing cross-domain system login verification according to an embodiment of the present invention.
- FIG. 1 is a schematic diagram of main steps of a method for cross-domain system login verification according to an embodiment of the present invention. As shown in FIG. 1 , the method for verifying the cross-domain system login in this embodiment mainly includes the following steps S101 to S104.
- Step S101 Receive a request sent by the client, and determine whether the parameter of the request includes a unique identifier.
- Step S102 If the requested parameter includes a unique identifier, obtain the first verification parameter and the second verification parameter according to the unique identifier, and determine whether the first verification parameter and the second verification parameter match.
- the first verification parameter is located at the client, and the second verification parameter is located at the server.
- otherwise, if the parameter of the request does not include the unique identifier, the login verification fails.
- the first verification parameter and the second verification parameter are matched when: both are present and the related fields in the first verification parameter and the second verification parameter are the same; or neither the first verification parameter nor the second verification parameter exists. They are not matched when: both are present but the related fields in the first verification parameter and the second verification parameter are not the same; or only one of the first verification parameter and the second verification parameter exists.
- when neither the first verification parameter nor the second verification parameter exists, a matched first verification parameter and second verification parameter may also be generated, with the generated first verification parameter saved on the client and the generated second verification parameter saved on the server.
- Step S103 If the first verification parameter and the second verification parameter match, the login status of the user is obtained from the server according to the unique identifier, and it is determined whether the login status is successful login.
- otherwise, if the first verification parameter and the second verification parameter do not match, the login verification does not pass.
- Step S104 If the login status is successful, the login verification is passed.
- otherwise, if the login status is not login success, the login verification does not pass.
- the legality verification of the user identity of the cross-domain system can be implemented, thereby preventing the illegal user from stealing the SID parameter for malicious operation when the primary station and the sub-domain are different.
- the main modules of the device 20 for cross-domain system login verification include: a user request receiving module 201, a parameter matching determining module 202, a login state determining module 203, and a user login verifying module 204.
- the user request receiving module 201 is configured to receive a request sent by the client, and determine whether the requested parameter includes a unique identifier.
- the parameter matching determining module 202 is configured to obtain the first verification parameter and the second verification parameter according to the unique identifier if the parameter of the request includes the unique identifier, and to determine whether the first verification parameter and the second verification parameter match, wherein the first verification parameter is located at the client and the second verification parameter is located in the server;
- the login status determination module 203 is configured to: if the first verification parameter and the second verification parameter match, obtain the login status of the user from the server according to the unique identifier, and determine whether the login status is successful login;
- the user login verification module 204 is configured to: if the login status is successful, the login verification is passed.
- the user login verification module may be further configured to: if the requested parameter does not include the unique identifier, the login verification fails. And, if the first verification parameter and the second verification parameter do not match, the login verification fails. And, if the login status is not successful, the login verification does not pass.
- the first verification parameter and the second verification parameter are matched when: both are present and the related fields in the first verification parameter and the second verification parameter are the same; or neither of them is present. They are not matched when: both are present but the related fields in the first verification parameter and the second verification parameter are different; or only one of the first verification parameter and the second verification parameter exists.
- the apparatus for verifying the cross-domain system login may further include a verification parameter generating module, configured to generate a matching first verification parameter and second verification parameter if neither the first verification parameter nor the second verification parameter is present, save the generated first verification parameter on the client, and save the generated second verification parameter on the server.
- the implementation flow of the method for verifying the cross-domain system login according to the embodiment of the present invention is described in detail below.
- the invention introduces two verification parameters: one verification parameter is stored in the cookie of the client and the other is saved in the cache of the server, and the verification result obtained by comparing the two introduced verification parameters determines whether the user is legitimate or has logged in successfully.
- FIG. 3 is a schematic flowchart of an implementation method of cross-domain system login verification according to an embodiment of the present invention.
- the implementation process of the method for verifying the cross-domain system login authentication in the embodiment of the present invention may mainly include the following steps S301 to S308.
- Step S301 Receive a request sent by the client, and determine whether the parameter of the request includes an SID parameter. If the SID parameter is included in the parameter of the request, step S302 is performed, otherwise step S308 is performed.
- the client can send a request to the sub-station server by accessing the page link of the sub-site page, and the requested parameters are included in the link of the page.
- the SID parameter is the identifier of the user login, which is a unique string generated when the user logs in. The unique string corresponds to a user account.
- the SID parameter can be stored in the server cache (cache) and the client's cookie. Therefore, if the SID parameter is included in the link of the access page, the SID parameter is included in the request sent by the client, otherwise the SID parameter is not included in the request.
- the SID parameter life cycle starts when the user logs in to the system.
- the expiration time of the SID parameter is usually set to 1 hour; once the expiration time is exceeded, the SID parameter has expired. The expiration time can also be set to a different value.
- Step S302 It is determined whether the verification parameter exists in both the client cookie and the server cache. If yes, step S303 is performed; otherwise, step S304 is performed.
- the verification parameter in the client cookie is recorded as the first verification parameter
- the verification parameter in the server cache is recorded as the second verification parameter
- the client is the client that is currently requesting to log in to the substation.
- the system generates the first verification parameter when the client accesses the sub-station page for the first time, and the first verification parameter is written to the client's cookie.
- the generation rule of the first verification parameter may be: name, value. Where the name parameter is the cookie name and the value parameter is the cookie value.
- the server is a child server. After the user logs in through the unified login portal of the system, the system generates a second verification parameter and writes the second verification parameter to the cache of the server.
- the second verification parameter generation rule may be: key+sid, {name, value}, where the name parameter is the cookie name of the user client, the value parameter is the cookie value of the user client, and the key parameter is a string customized by each sub-server to distinguish different systems. Since the server cache storing the SID parameter can be located from the SID parameter contained in the link of the page the user accesses, the key parameter can also be set by default.
- the first verification parameter and the second verification parameter have respective life cycles, and the life cycle of the first verification parameter may generally be 30 days or other values.
- the life cycle of the second verification parameter can be 24 hours or another value. It should be noted that, in order for the implementation process of the embodiment of the present invention to proceed normally, the life cycles of the first verification parameter and the second verification parameter need to be greater than the expiration time of the SID parameter.
- taking user A accessing the above page link as an example: if user A logs in to the above system and accesses the above page link, the first verification parameter is saved in the client cookie and, accordingly, the second verification parameter is saved in the server cache; within the life cycles of the first verification parameter and the second verification parameter, both parameters can be obtained. If no user has logged in to the system, there are no verification parameters in the client cookie or the server cache.
- Step S303 It is determined whether the first verification parameter in the client cookie matches the second verification parameter in the server cache. If yes, step S306 is performed; otherwise, step S308 is performed.
- determining whether the first verification parameter in the client cookie matches the second verification parameter in the server cache mainly means determining whether the related fields in the first verification parameter and the second verification parameter are the same, that is, whether the name field and the value field of the first verification parameter are the same as the name field and the value field of the second verification parameter. If they are the same, the first verification parameter and the second verification parameter are determined to match; otherwise they are determined to mismatch.
- for example, user A receives and accesses a page link sent by user B, where user B is a user different from user A, and user B has logged into the system and accessed the sub-page using the user account ID1.
- the first verification parameter obtained by the system is the verification parameter saved in the user A client cookie, and the second verification parameter obtained is the verification parameter stored in the server cache when user B logged in to the system; the first verification parameter and the second verification parameter therefore mismatch.
- another case may be considered: the first verification parameter obtained by the system is the verification parameter saved in the user A client cookie, and the second verification parameter obtained is the verification parameter stored in the server cache when user A logged in to the system; the first verification parameter and the second verification parameter then match.
- in step S303, the case where neither the first verification parameter nor the second verification parameter is present may also be considered a match, and the case where only one of the two verification parameters exists is a mismatch; to keep the method flow of the embodiment clear, these two special cases are not described here but are detailed in step S304.
- Step S304 It is determined whether the first verification parameter in the client cookie and the second verification parameter in the server cache are not present. If yes, step S305 is performed; otherwise, step S308 is performed.
- if yes, step S305 can be performed at this time to generate matching verification parameters, which are stored in the client cookie and the server cache respectively.
- otherwise, step S308 is performed and the user login verification fails.
- only the second verification parameter of the first verification parameter and the second verification parameter exists when, for example, user A receives and accesses a page link sent by user B, where user B is a user different from user A, and user B has logged in to the above system using the user account ID1 and accessed the sub-site page. If user A has not logged in to the system using user account ID1, the first verification parameter does not exist in the client cookie of user A, while the second verification parameter generated when user B accessed the sub-site page for the first time after logging in to the system is stored in the server cache; that is, the first verification parameter does not exist and the second verification parameter exists.
- only the first verification parameter of the first verification parameter and the second verification parameter exists when, for example, because the life cycle of the first verification parameter is longer than the life cycle of the second verification parameter, the second verification parameter has expired while the first verification parameter has not; in that case only the first verification parameter exists and the second verification parameter does not.
- in both of these cases, step S308 is performed.
- step S306 is executed to obtain the login status of the user from the server according to the unique identifier, and determine whether the login status is successful.
- step S305 may also be performed.
- Step S305 Generate a matching first verification parameter and a second verification parameter, and save the generated first verification parameter in the client, and save the generated second verification parameter in the server.
- generating the matched first verification parameter and second verification parameter mainly means generating a first verification parameter and a second verification parameter with the same related fields, that is, the name field and the value field of the first verification parameter correspond respectively to the name field and the value field of the second verification parameter.
- Step S306 Acquire a login status of the user from the session center according to the unique identifier, and determine whether the login status is successful login.
- the login status may include login success and login failure.
- the system obtains the login status of the user from the session center according to the unique identifier.
- the session center is mainly used to provide a service for querying whether the SID parameter expires and obtaining pin information according to the SID parameter, where the pin information is used to identify the identity of the login user.
- the session center is usually set up separately from the server or integrated on the server.
- the user login status may be obtained by acquiring the pin information according to the SID parameter, and the pin information may be a user login account, or other identifier information indicating the identity of the login user. If the pin information is obtained, the login status returned by the system is that the login is successful, and step S307 is performed, and the login verification is passed; if the pin information is not obtained, The login status returned by the system is that the login fails. In step S308, the login verification fails.
- Step S307 It is determined that the login verification requesting the login is passed, that is, the user does not need to log in to the system again.
- Step S308 It is determined that the login verification requesting the login fails, that is, jumping to the user login page, or prompting the user to log in again by other means.
- the foregoing steps of the embodiment of the present invention are mainly directed to the implementation process of the primary station and the sub-station under different domain names.
- the technical solution of the embodiment of the present invention solves the problem of user information leakage and overcomes the defect of the existing technology in login legality verification for a cross-domain system.
- the technical solution of the embodiment of the present invention is also applicable to the case where the primary station and the secondary station belong to the same sub-domain.
- one verification parameter is saved in the cookie of the client and another verification parameter is saved in the cache of the server, and the result of comparing the two introduced verification parameters determines whether the user is legitimate or has logged in successfully.
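The verification flow of steps S301 to S308, worked through as a runnable Python example added here (this is not code from the patent). The session center, the sub-site server cache and the client cookie jar are in-memory stand-ins; the cookie name verify_token and the per-sub-server key prefix subsiteB: are assumed values, and the lifetimes are the ones the description gives (SID 1 hour, first parameter 30 days, second parameter 24 hours).

```python
import hmac
import secrets

# Lifetimes from the description. Both verification parameters outlive the SID,
# as the description requires.
SID_TTL = 60 * 60                      # SID expiry: 1 hour
FIRST_PARAM_TTL = 30 * 24 * 60 * 60    # first parameter (client cookie): 30 days
SECOND_PARAM_TTL = 24 * 60 * 60        # second parameter (server cache): 24 hours
SUBSITE_KEY = "subsiteB:"              # assumed per-sub-server "key" of the cache key "key+sid"
COOKIE_NAME = "verify_token"           # assumed cookie name carried by the first parameter


class SessionCenter:
    """Stand-in for the session center: is this SID still alive, and whose is it?"""

    def __init__(self):
        self._sessions = {}  # sid -> (pin, expiry)

    def login(self, account, now):
        sid = secrets.token_hex(16)  # unique login identifier generated at login
        self._sessions[sid] = (account, now + SID_TTL)
        return sid

    def get_pin(self, sid, now):
        entry = self._sessions.get(sid)
        if entry is None or now >= entry[1]:
            return None  # unknown or expired SID: no pin information
        return entry[0]


class SubsiteServer:
    """Sub-site server holding the second verification parameter in its cache."""

    def __init__(self, session_center):
        self.session_center = session_center
        self.cache = {}  # "key+sid" -> {"name": ..., "value": ..., "expiry": ...}

    def second_param(self, sid, now):
        entry = self.cache.get(SUBSITE_KEY + sid)
        if entry is None or now >= entry["expiry"]:
            return None
        return entry

    def issue_params(self, sid, cookies, now):
        """Step S305: generate a matching pair; cookie on the client, entry in the cache."""
        value = secrets.token_urlsafe(24)
        cookies[COOKIE_NAME] = {"value": value, "expiry": now + FIRST_PARAM_TTL}
        self.cache[SUBSITE_KEY + sid] = {"name": COOKIE_NAME, "value": value,
                                         "expiry": now + SECOND_PARAM_TTL}


def first_param(cookies, now):
    """The first verification parameter: the (name, value) cookie on the client, if unexpired."""
    entry = cookies.get(COOKIE_NAME)
    if entry is None or now >= entry["expiry"]:
        return None
    return {"name": COOKIE_NAME, "value": entry["value"]}


def verify_login(server, request_params, cookies, now):
    """Run steps S301-S308. Returns (passed, final_step)."""
    # S301: the request must carry the SID parameter (it travels in the page link).
    sid = request_params.get("sid")
    if sid is None:
        return False, "S308"
    # S302: look up the first (client cookie) and second (server cache) parameters.
    first = first_param(cookies, now)
    second = server.second_param(sid, now)
    if first is not None and second is not None:
        # S303: both present; they match only if the name and value fields are identical.
        # compare_digest keeps the comparison time independent of where the values differ.
        same = (first["name"] == second["name"]
                and hmac.compare_digest(first["value"], second["value"]))
        if not same:
            return False, "S308"
    elif first is None and second is None:
        # S304 -> S305: neither exists yet (first visit after login): issue a matching pair.
        server.issue_params(sid, cookies, now)
    else:
        # S304: exactly one exists, e.g. another client reusing this SID from a shared
        # link without the cookie, or the second parameter expired before the first.
        return False, "S308"
    # S306: ask the session center for the pin information behind the SID.
    if server.session_center.get_pin(sid, now) is None:
        return False, "S308"
    return True, "S307"  # S307: login verification passed; no re-login needed
```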
Abstract
The invention provides a method and device for cross-domain system login verification, which can resolve a problem of verifying a user identity in a cross-domain subsystem, and can realize verification of the user identity in a sub-site, prevent an SID from being stolen, and guarantee user information security in the sub-site. The method for cross-domain system login verification comprises: receiving a request sent by a client and determining whether a parameter of the request contains a unique identifier; if the parameter contains the unique identifier, obtaining a first verification parameter located at the client and a second verification parameter located at a server on the basis of the unique identifier, and determining whether the first verification parameter and the second verification parameter match; if the first verification parameter and the second verification parameter match, obtaining a login state of a user from the server on the basis of the unique identifier, and determining whether the login state indicates a successful login; and if the login state indicates a successful login, login verification has succeeded.
Description
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for cross-domain system login verification.
A primary station is a system consisting of many different sub-sites. The primary station and its sub-stations can have the same domain name or different domain names. The primary station system has a unified user login entry. After the user logs in to the primary station, the system generates a login identifier for each user, and the sub-site determines whether the user is logged in and obtains user information based on this login identifier. At present, when judging the legality of the user's identity, verification is usually performed by writing a cookie on the client. The specific method is: the user logs in and a unique identifier SID (Security Identifier) is generated; the SID is encrypted and then written to the client cookie; when the user accesses a page that requires login, the system obtains the encrypted string from the client cookie for verification; if the verification passes, the page is displayed, and if the verification fails, the system jumps to the login page. This method can perform the legality verification normally when the domain names of the primary station and the sub-station are the same; when the domain names of the primary station and the sub-station are different, the identity legality verification cannot be performed, and some user information security problems arise.
According to the cookie specification, cookies cannot be shared between different domain names. For example, an application under the domain name b.aa.com cannot access a cookie under the c.aa.com domain name. With the above method, then, as long as the SID is verified as valid, it is determined that the user has logged into the system, while the legality of the user identity cannot be verified, so that not all authenticated users can be guaranteed to be legitimate users. For example, the sub-site determines whether the user is logged in and obtains the user information according to the SID identifier. When the A user logs in and shares the sub-site page link with the B user, the B user obtains the login identifier SID of the A user and can use this login identifier to operate as the A user; if the B user is not a legitimate user, the information of the A user will be leaked.
It can be seen that the existing method cannot solve the problem of verifying the legality of the user identity of a cross-domain name subsystem.
Summary of the invention
In view of this, the present invention provides a method and apparatus for cross-domain system login verification that can verify the legitimacy of a user's identity within a sub-site and prevent the SID identifier from being misused, thereby ensuring the security of user information under the sub-site.
To achieve the above object, according to one aspect of the present invention, a method for cross-domain system login verification is provided.
A method for cross-domain system login verification includes: receiving a request sent by a client and determining whether the request parameters contain a unique identifier; if the request parameters contain the unique identifier, obtaining a first verification parameter and a second verification parameter according to the unique identifier and determining whether the first verification parameter and the second verification parameter match, where the first verification parameter is located on the client and the second verification parameter is located on the server; if the first verification parameter and the second verification parameter match, obtaining the user's login status from the server according to the unique identifier and determining whether the login status is "logged in successfully"; and if the login status is "logged in successfully", the login verification passes.
Optionally, if the request parameters do not contain the unique identifier, the login verification fails.
Optionally, if the first verification parameter and the second verification parameter do not match, the login verification fails.
Optionally, if the login status is not "logged in successfully", the login verification fails.
Optionally, the first verification parameter matching the second verification parameter includes: both the first verification parameter and the second verification parameter exist and the related fields of the two are the same; or neither the first verification parameter nor the second verification parameter exists. The first verification parameter not matching the second verification parameter includes: both the first verification parameter and the second verification parameter exist but their related fields differ; or only one of the first verification parameter and the second verification parameter exists.
Optionally, after the step in which neither the first verification parameter nor the second verification parameter exists, the method further includes: generating a matching first verification parameter and second verification parameter, saving the generated first verification parameter on the client, and saving the generated second verification parameter on the server.
According to another aspect of the present invention, an apparatus for cross-domain system login verification is provided.
An apparatus for cross-domain system login verification includes: a user request receiving module, configured to receive a request sent by a client and determine whether the request parameters contain a unique identifier; a parameter matching determination module, configured to, if the request parameters contain the unique identifier, obtain a first verification parameter and a second verification parameter according to the unique identifier and determine whether the first verification parameter and the second verification parameter match, where the first verification parameter is located on the client and the second verification parameter is located on the server; a login status determination module, configured to, if the first verification parameter and the second verification parameter match, obtain the user's login status from the server according to the unique identifier and determine whether the login status is "logged in successfully"; and a user login verification module, configured to pass the login verification if the login status is "logged in successfully".
Optionally, the user login verification module is further configured to fail the login verification if the request parameters do not contain the unique identifier.
Optionally, the user login verification module is further configured to fail the login verification if the first verification parameter and the second verification parameter do not match.
Optionally, the user login verification module is further configured to fail the login verification if the login status is not "logged in successfully".
Optionally, the first verification parameter matching the second verification parameter includes: both the first verification parameter and the second verification parameter exist and the related fields of the two are the same; or neither the first verification parameter nor the second verification parameter exists. The first verification parameter not matching the second verification parameter includes: both the first verification parameter and the second verification parameter exist but their related fields differ; or only one of the first verification parameter and the second verification parameter exists.
Optionally, the apparatus further includes a verification parameter generation module, configured to, if neither the first verification parameter nor the second verification parameter exists, generate a matching first verification parameter and second verification parameter, save the generated first verification parameter on the client, and save the generated second verification parameter on the server.
According to the technical solution of the present invention, two verification parameters are introduced, one saved in the client's cookie and the other saved in the server's cache, and the result of comparing these two verification parameters is used to determine whether the user is legitimate or logged in successfully. The technical solution of the present invention can solve the problem of verifying the legitimacy of user identity for sub-systems across domain names, can verify the legitimacy of a user's identity within a sub-site, prevents the SID identifier from being misused, and ensures the security of user information under the sub-site.
The drawings are provided for a better understanding of the invention and do not constitute an undue limitation of it. In the drawings:
FIG. 1 is a schematic diagram of the main steps of the method for cross-domain system login verification according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the main modules of the apparatus for cross-domain system login verification according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the implementation flow of the method for cross-domain system login verification according to an embodiment of the present invention.
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, including various details of the embodiments to aid understanding; these details should be regarded as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of the invention. Likewise, for clarity and conciseness, descriptions of well-known functions and structures are omitted from the following description.
FIG. 1 is a schematic diagram of the main steps of the method for cross-domain system login verification according to an embodiment of the present invention. As shown in FIG. 1, the method for cross-domain system login verification of this embodiment mainly includes the following steps S101 to S104.
Step S101: receive a request sent by the client and determine whether the request parameters contain a unique identifier.
Step S102: if the request parameters contain a unique identifier, obtain the first verification parameter and the second verification parameter according to that unique identifier and determine whether the first verification parameter and the second verification parameter match. The first verification parameter is located on the client and the second verification parameter is located on the server.
According to an embodiment of the present invention, if the request parameters do not contain a unique identifier, the login verification fails.
The first verification parameter matching the second verification parameter may include: both the first verification parameter and the second verification parameter exist and the related fields of the two are the same; or neither the first verification parameter nor the second verification parameter exists. The first verification parameter not matching the second verification parameter may include: both the first verification parameter and the second verification parameter exist but their related fields differ; or only one of the first verification parameter and the second verification parameter exists.
According to an embodiment of the present invention, after the step in which neither the first verification parameter nor the second verification parameter exists, a matching first verification parameter and second verification parameter may also be generated, the generated first verification parameter saved on the client, and the generated second verification parameter saved on the server.
Step S103: if the first verification parameter and the second verification parameter match, obtain the user's login status from the server according to the unique identifier and determine whether the login status is "logged in successfully".
According to an embodiment of the present invention, if the first verification parameter and the second verification parameter do not match, the login verification fails.
Step S104: if the login status is "logged in successfully", the login verification passes.
According to an embodiment of the present invention, if the login status is not "logged in successfully", the login verification fails.
By the above steps S101 to S104, the legitimacy of a user's identity can be verified across domains, which prevents an illegitimate user from misusing the SID parameter for malicious operations when the primary station and the sub-site have different domain names.
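The decision in steps S101 to S104, written out as an added Python example that is not code from the patent: the client cookie, the server cache and the server-side login-status store are modelled as plain dicts, the cookie name xdv, the sub-site key string siteA and the reason codes are assumptions, and the shared-link scenario from the background section is reproduced with constructed data. Generation of the parameters (step S305) is deliberately left out here; only the match rule and the step order are shown.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed names for this example, not identifiers from the patent.
VERIFY_COOKIE_NAME = "xdv"      # cookie that carries the first verification parameter
CACHE_KEY_PREFIX = "siteA"      # the sub-site's own "key" string, prepended to the SID


@dataclass(frozen=True)
class VerificationParam:
    """The (name, value) fields that both the cookie-side and the cache-side parameter carry."""
    name: str
    value: str


def first_param_from_cookie(cookie_jar: dict) -> Optional[VerificationParam]:
    """First verification parameter: read from the client's cookies, or None if absent."""
    value = cookie_jar.get(VERIFY_COOKIE_NAME)
    return None if value is None else VerificationParam(VERIFY_COOKIE_NAME, value)


def second_param_from_cache(server_cache: dict, sid: str) -> Optional[VerificationParam]:
    """Second verification parameter: looked up in the server cache under key+sid, or None."""
    entry = server_cache.get(CACHE_KEY_PREFIX + sid)
    return None if entry is None else VerificationParam(entry["name"], entry["value"])


def params_match(first: Optional[VerificationParam], second: Optional[VerificationParam]) -> bool:
    """Match rule of the patent: both present with identical name/value fields, or both absent,
    count as a match; exactly one present, or both present but differing, count as a mismatch."""
    if first is None and second is None:
        return True
    if first is None or second is None:
        return False
    return first.name == second.name and first.value == second.value


def verify_login(request_params: dict, cookie_jar: dict,
                 server_cache: dict, session_store: dict) -> Tuple[bool, str]:
    """Returns (passed, reason); reason names the step that decided the outcome."""
    sid = request_params.get("sid")                      # S101: unique identifier in the request?
    if not sid:
        return False, "S101:no_sid"
    first = first_param_from_cookie(cookie_jar)          # S102: fetch both parameters ...
    second = second_param_from_cache(server_cache, sid)
    if not params_match(first, second):                  # ... and compare them
        return False, "S102:param_mismatch"
    status = session_store.get(sid)                      # S103: login status for this SID
    if status != "login_success":                        # S104
        return False, "S103:not_logged_in"
    return True, "S104:pass"


def shared_link_scenario() -> Tuple[Tuple[bool, str], Tuple[bool, str]]:
    """Constructed data: user A is logged in and the sub-site has already issued a matching pair.
    A's link, which carries A's SID, is opened from A's own client and from user B's client,
    whose cookie jar holds no first verification parameter."""
    sid_a = "sid-of-user-A"
    server_cache = {CACHE_KEY_PREFIX + sid_a: {"name": VERIFY_COOKIE_NAME, "value": "r4nd0m"}}
    session_store = {sid_a: "login_success"}
    request = {"sid": sid_a}
    cookie_a = {VERIFY_COOKIE_NAME: "r4nd0m"}   # user A's client
    cookie_b = {}                               # user B's client: only the link, no cookie
    return (
        verify_login(request, cookie_a, server_cache, session_store),   # passes
        verify_login(request, cookie_b, server_cache, session_store),   # fails at S102
    )
```

The point of the second call is the one the background section makes: the SID alone proves that somebody logged in, while the cookie-side parameter ties the request to the client on which that login happened, so a copied link fails at step S102 before the login status is even consulted.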
FIG. 2 is a schematic diagram of the main modules of the apparatus for cross-domain system login verification according to an embodiment of the present invention. As shown in FIG. 2, the main modules of the apparatus 20 for cross-domain system login verification according to the embodiment of the present invention include: a user request receiving module 201, a parameter matching determination module 202, a login status determination module 203, and a user login verification module 204.
The user request receiving module 201 is configured to receive a request sent by the client and determine whether the request parameters contain a unique identifier. The parameter matching determination module 202 is configured to, if the request parameters contain a unique identifier, obtain the first verification parameter and the second verification parameter according to the unique identifier and determine whether the first verification parameter and the second verification parameter match, where the first verification parameter is located on the client and the second verification parameter is located on the server. The login status determination module 203 is configured to, if the first verification parameter and the second verification parameter match, obtain the user's login status from the server according to the unique identifier and determine whether the login status is "logged in successfully". The user login verification module 204 is configured to pass the login verification if the login status is "logged in successfully".
According to an embodiment of the present invention, the user login verification module may further be configured to fail the login verification if the request parameters do not contain a unique identifier; to fail the login verification if the first verification parameter and the second verification parameter do not match; and to fail the login verification if the login status is not "logged in successfully".
In the embodiment of the present invention, the first verification parameter matching the second verification parameter may include: both the first verification parameter and the second verification parameter exist and the related fields of the two are the same; or neither the first verification parameter nor the second verification parameter exists. The first verification parameter not matching the second verification parameter may include: both the first verification parameter and the second verification parameter exist but their related fields differ; or only one of the first verification parameter and the second verification parameter exists.
According to an embodiment of the present invention, the apparatus for cross-domain system login verification may further include a verification parameter generation module, configured to, if neither the first verification parameter nor the second verification parameter exists, generate a matching first verification parameter and second verification parameter, save the generated first verification parameter on the client, and save the generated second verification parameter on the server.
The implementation flow of the method for cross-domain system login verification according to an embodiment of the present invention is described in detail below. The invention introduces two verification parameters, one saved in the client's cookie and the other saved in the server's cache, and uses the result of comparing these two verification parameters to determine whether the user is legitimate or logged in successfully. FIG. 3 is a schematic diagram of the implementation flow of the method for cross-domain system login verification according to an embodiment of the present invention. The implementation flow of the method according to the embodiment may mainly include the following steps S301 to S308.
Step S301: receive a request sent by the client and determine whether the request parameters contain an SID parameter. If the request parameters contain the SID parameter, go to step S302; otherwise, go to step S308.
The client may send the request to the sub-site server by visiting the page link of a sub-site page, and the request parameters are carried in that page link. The SID parameter is the user's login identifier: a unique string generated when the user logs in, corresponding to one user account. When the user logs in to the system through the unified login entry and then visits a sub-site page under the primary station, or visits the primary station again, the link to the visited page will contain the SID parameter. The SID parameter may be stored in the server cache and in the client's cookie. Therefore, if the link to the visited page contains the SID parameter, the request sent by the client contains the SID parameter; otherwise the request does not contain it.
The lifetime of the SID parameter begins when the user logs in to the system and ends when the user logs out or the SID parameter expires. The expiry time of the SID parameter is usually set to 1 hour; once that time is exceeded, the SID parameter is regarded as expired. The expiry time may also be set to another value as needed.
Step S302: determine whether a verification parameter exists in both the client cookie and the server cache. If so, go to step S303; otherwise, go to step S304.
For convenience of description, in the following the verification parameter in the client cookie is called the first verification parameter and the verification parameter in the server cache is called the second verification parameter.
The client is the client currently requesting to log in to the sub-site. When the user of that client has logged in through the unified login entry of the primary station system and visits a sub-site page for the first time, the system generates a first verification parameter and writes it into that client's cookie. The first verification parameter may be generated according to the rule: name,value, where the name parameter is the cookie name and the value parameter is the cookie value.
The server is the sub-site server. After the user logs in through the system's unified login entry, the system generates a second verification parameter and writes it into the server's cache. The second verification parameter may be generated according to the rule: key+sid,{name,value}, where the name parameter is the cookie name on the user's client, the value parameter is the cookie value on the user's client, and the key parameter is a string defined by each sub-site server on its own to distinguish different systems. Because the SID parameter contained in the link the user visits is sufficient to locate the server cache entry that stores that SID parameter, the key parameter may also be left at a default setting.
The first verification parameter and the second verification parameter have their own lifetimes. The lifetime of the first verification parameter may usually be 30 days or another value; the lifetime of the second verification parameter may be 24 hours or another value. Note that, for the flow of the embodiment of the present invention to execute normally, the lifetimes of the first verification parameter and the second verification parameter must be greater than the expiry time of the SID parameter.
Taking user A visiting the above page link as an example: if user A has logged in to the system and visited the page link, the client cookie holds a first verification parameter and, correspondingly, the server cache holds a second verification parameter, and within their lifetimes the first verification parameter and the second verification parameter can both be obtained; if no user has logged in to the system, no verification parameter exists in either the client cookie or the server cache.
Step S303: determine whether the first verification parameter in the client cookie matches the second verification parameter in the server cache. If they match, go to step S306; otherwise, go to step S308.
Determining whether the first verification parameter in the client cookie matches the second verification parameter in the server cache mainly means determining whether the related fields of the two are the same, that is, whether the name field and the value field of the first verification parameter are respectively identical to the name field and the value field of the second verification parameter. If they are identical, the first verification parameter and the second verification parameter are judged to match; otherwise they are judged not to match.
In practical terms, suppose user A receives and visits a page link sent by user B, where user B is a different user from user A and has logged in to the system with user account ID1 and visited a sub-site page. If user A has logged in to the system on user A's own client with user account ID1, then when user A visits that sub-site page, the first verification parameter the system obtains is the one saved in user A's client cookie, while the second verification parameter it obtains is the one stored in the server cache when user B logged in to the system; the first verification parameter and the second verification parameter therefore do not match. Consider another case: if, after logging in to the system on user A's client with user account ID1, user A continues to visit sub-site pages under the primary station from that client, the first verification parameter the system obtains is the one saved in user A's client cookie and the second verification parameter is the one stored in the server cache when user A logged in; the first verification parameter and the second verification parameter therefore match. It will be understood that the application cases of the embodiments of the present invention include, but are not limited to, those listed above.
In addition to the cases described in this step S303, the case in which neither the first verification parameter nor the second verification parameter exists may also be regarded as the two verification parameters matching, and the case in which only one of the first verification parameter and the second verification parameter exists may be regarded as the two verification parameters not matching. To keep the flow of this embodiment clear, these two special cases are not described here but are detailed under step S304.
Step S304: determine whether neither the first verification parameter in the client cookie nor the second verification parameter in the server cache exists. If so, go to step S305; otherwise, go to step S308.
An example of the case in which neither the first verification parameter nor the second verification parameter exists: when user A has logged in to the system with user account ID1 and visits a sub-site page in the system for the first time, neither the client cookie nor the server cache holds a verification parameter. Step S305 can then be performed to generate matching verification parameters and store them in the client cookie and the server cache respectively.
If only one of the first verification parameter and the second verification parameter exists, step S308 is performed and the user's login verification fails. A case in which only the second verification parameter exists: user A receives and visits a page link sent by user B, where user B is a different user from user A and has logged in to the system with user account ID1 and visited a sub-site page. If user A has not logged in to the system with user account ID1, user A's client cookie holds no first verification parameter, while the server cache holds the second verification parameter generated when user B first visited that sub-site page after logging in; that is, the first verification parameter does not exist and the second verification parameter does. A case in which only the first verification parameter exists: because the lifetime of the first verification parameter is longer than that of the second verification parameter, when the second verification parameter has expired but the first has not, only the first verification parameter exists and the second does not.
Note that the case in which only one of the first verification parameter and the second verification parameter exists can also be treated as a special case of the first verification parameter and the second verification parameter not matching in step S303; when only one of the two exists, step S308 is performed.
Likewise, the case where neither the first verification parameter nor the second verification parameter exists, that is, both obtained verification parameters are "empty/NULL", can be treated as a special case of the first and second verification parameters matching in step S303. Therefore, according to an embodiment of the present invention, when it is determined that neither the first verification parameter nor the second verification parameter exists, step S306 may also be performed: the user's login status is obtained from the server according to the unique identifier, and it is determined whether the login status is "login successful".
In addition, if neither the first verification parameter nor the second verification parameter exists, step S305 may be performed before step S306 so that later requests can be checked by this method.
Step S305: Generate a matching first verification parameter and second verification parameter, save the generated first verification parameter on the client, and save the generated second verification parameter on the server.
Generating a matching first verification parameter and second verification parameter mainly means generating a first verification parameter and a second verification parameter whose relevant fields are the same, that is, the name field and the value field of the first verification parameter are respectively identical to those of the second verification parameter.
Step S306: Obtain the user's login status from the session center according to the unique identifier, and determine whether the login status is "login successful".
The login status may be "login successful" or "login failed". When the first verification parameter and the second verification parameter match (including the special case of matching mentioned in step S304, namely that neither parameter exists), the system obtains the user's login status from the session center according to the unique identifier. In this embodiment, the session center mainly provides a service for querying whether the SID parameter has expired and for obtaining pin information according to the SID parameter, where the pin information identifies the logged-in user. The session center is generally deployed separately from the server, but it may also be integrated on the server.
The user's login status may be obtained as follows: the pin information is obtained according to the SID parameter; the pin information may be the user's login account or other identification information representing the identity of the logged-in user. If the pin information can be obtained, the login status returned by the system is "login successful", step S307 is performed, and the login verification passes; if the pin information cannot be obtained, the login status returned by the system is "login failed", step S308 is performed, and the login verification fails.
Step S307: Determine that the login verification for the request passes, that is, the user does not need to log in to the system again.
Step S308: Determine that the login verification for the request fails, that is, redirect to the user login page or prompt the user to log in again by other means.
The steps above are mainly directed at the case where the primary station and the sub-station are under different domain names. Clearly, in a cross-domain system the technical solution of the embodiment solves the problem of user information leakage and overcomes the inability of the existing technology to verify login legitimacy in a cross-domain system. Those skilled in the art will understand, however, that the technical solution of the embodiment is equally applicable when the primary station and the sub-station belong to the same sub-domain.
According to the technical solution of the embodiment of the present invention, two verification parameters are introduced, one saved in the client's cookie and the other in the server's cache, and whether the user is legitimate or logged in successfully is determined from the result of comparing the two. The technical solution of the present invention can thus solve the problem of verifying user identity legitimacy across sub-systems under different domain names, perform verification of user identity legitimacy within a sub-site, prevent the SID identifier from being stolen and reused, and protect user information under the sub-station.
The specific embodiments above do not limit the scope of protection of the present invention. Those skilled in the art will understand that various modifications, combinations, sub-combinations and substitutions may occur depending on design requirements and other factors. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (12)
- 1. A cross-domain system login verification method, comprising: receiving a request sent by a client and determining whether the parameters of the request include a unique identifier; if the parameters of the request include the unique identifier, obtaining a first verification parameter and a second verification parameter according to the unique identifier and determining whether the first verification parameter and the second verification parameter match, wherein the first verification parameter is located on the client and the second verification parameter is located on the server; if the first verification parameter and the second verification parameter match, obtaining the user's login status from the server according to the unique identifier and determining whether the login status is "login successful"; and if the login status is "login successful", passing the login verification.
- 2. The method according to claim 1, further comprising: if the parameters of the request do not include the unique identifier, failing the login verification.
- 3. The method according to claim 1, further comprising: if the first verification parameter and the second verification parameter do not match, failing the login verification.
- 4. The method according to claim 1, further comprising: if the login status is not "login successful", failing the login verification.
- 5. The method according to claim 1 or 3, wherein the first verification parameter and the second verification parameter matching comprises: both the first verification parameter and the second verification parameter existing and their relevant fields being the same; and neither the first verification parameter nor the second verification parameter existing; and the first verification parameter and the second verification parameter not matching comprises: both the first verification parameter and the second verification parameter existing but their relevant fields differing; and only one of the first verification parameter and the second verification parameter existing.
- 6. The method according to claim 5, further comprising, after the step in which neither the first verification parameter nor the second verification parameter exists: generating a matching first verification parameter and second verification parameter, saving the generated first verification parameter on the client, and saving the generated second verification parameter on the server.
- 7. A cross-domain system login verification apparatus, comprising: a user request receiving module, configured to receive a request sent by a client and determine whether the parameters of the request include a unique identifier; a parameter matching determination module, configured to, if the parameters of the request include the unique identifier, obtain a first verification parameter and a second verification parameter according to the unique identifier and determine whether the first verification parameter and the second verification parameter match, wherein the first verification parameter is located on the client and the second verification parameter is located on the server; a login status determination module, configured to, if the first verification parameter and the second verification parameter match, obtain the user's login status from the server according to the unique identifier and determine whether the login status is "login successful"; and a user login verification module, configured to pass the login verification if the login status is "login successful".
- 8. The apparatus according to claim 7, wherein the user login verification module is further configured to fail the login verification if the parameters of the request do not include the unique identifier.
- 9. The apparatus according to claim 7, wherein the user login verification module is further configured to fail the login verification if the first verification parameter and the second verification parameter do not match.
- 10. The apparatus according to claim 7, wherein the user login verification module is further configured to fail the login verification if the login status is not "login successful".
- 11. The apparatus according to claim 7 or 9, wherein the first verification parameter and the second verification parameter matching comprises: both the first verification parameter and the second verification parameter existing and their relevant fields being the same; and neither the first verification parameter nor the second verification parameter existing; and the first verification parameter and the second verification parameter not matching comprises: both the first verification parameter and the second verification parameter existing but their relevant fields differing; and only one of the first verification parameter and the second verification parameter existing.
- 12. The apparatus according to claim 11, further comprising a verification parameter generation module, configured to, if neither the first verification parameter nor the second verification parameter exists, generate a matching first verification parameter and second verification parameter, save the generated first verification parameter on the client, and save the generated second verification parameter on the server.
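The decision flow of steps S303 to S308 above and of claims 1 to 6 can be modelled in a few dozen lines. The following is an added example, not code from the patent or its applicant; the request key `sid`, the cookie name `sub_verify`, the two lifetimes, and the class and function names (`SessionCenter`, `VerifyStore`, `verify_login`) are assumptions chosen for illustration. It models the first verification parameter as a client cookie and the second as a server cache entry keyed by SID, each with a name field, a value field and an expiry, and it returns a distinct failure reason for each branch that ends in step S308.

```python
"""Model of the login check in steps S303-S308 and claims 1-6.

Added example, not the patent's own code. The query key "sid", the cookie
name "sub_verify", the lifetimes and all class/function names are assumptions.
"""
import hmac
import secrets
from dataclasses import dataclass, field

SID_KEY = "sid"             # unique identifier carried in the request (assumed key name)
VERIFY_NAME = "sub_verify"  # name field of the verification parameter (assumed)
FIRST_TTL = 24 * 3600       # the page states the client-side parameter outlives the server-side one
SECOND_TTL = 2 * 3600


@dataclass
class SessionCenter:
    """Maps SID -> pin (login account); an unknown or expired SID yields None."""
    sessions: dict = field(default_factory=dict)

    def get_pin(self, sid):
        return self.sessions.get(sid)


@dataclass
class VerifyStore:
    """Client cookie jar (first parameter) and server cache (second parameter)."""
    cookies: dict = field(default_factory=dict)  # cookie name -> (value, expires_at)
    cache: dict = field(default_factory=dict)    # sid -> (name, value, expires_at)

    def first_param(self, now):
        entry = self.cookies.get(VERIFY_NAME)
        if entry is None or entry[1] <= now:
            return None
        return (VERIFY_NAME, entry[0])

    def second_param(self, sid, now):
        entry = self.cache.get(sid)
        if entry is None or entry[2] <= now:
            return None
        return (entry[0], entry[1])

    def generate_matching(self, sid, now):
        """S305: fresh pair with identical name and value fields, one copy on each side."""
        value = secrets.token_hex(16)
        self.cookies[VERIFY_NAME] = (value, now + FIRST_TTL)
        self.cache[sid] = (VERIFY_NAME, value, now + SECOND_TTL)


def params_match(first, second):
    """Name and value fields must both be equal; the value compare is constant-time."""
    return first[0] == second[0] and hmac.compare_digest(first[1], second[1])


def verify_login(request_params, store, session_center, now):
    """Returns 'pass' (S307) or 'fail:<reason>' (S308)."""
    sid = request_params.get(SID_KEY)
    if not sid:
        return "fail:no_unique_identifier"    # claim 2: no unique identifier in the request
    first = store.first_param(now)
    second = store.second_param(sid, now)
    if (first is None) != (second is None):
        return "fail:only_one_parameter"      # S304: shared link, or server entry expired
    if first is None and second is None:
        store.generate_matching(sid, now)     # S305, then fall through to S306
    elif not params_match(first, second):
        return "fail:parameter_mismatch"      # S303: both present but fields differ
    if session_center.get_pin(sid) is None:   # S306: SID -> pin lookup at the session center
        return "fail:login_status"
    return "pass"                             # S307


if __name__ == "__main__":
    center = SessionCenter({"sid-1": "user1"})   # constructed sample session
    store = VerifyStore()
    print(verify_login({SID_KEY: "sid-1"}, store, center, 0))  # first visit generates the pair
    # a second client that only has the link (and so the SID) but not the cookie
    print(verify_login({SID_KEY: "sid-1"}, VerifyStore(cache=store.cache), center, 0))
```

The branch that matters for the shared-link case in the description is the "only one parameter" check: a client that carries a valid SID but no cookie is refused before the session center is ever consulted, so possession of the SID alone does not pass verification. The value fields are compared with `hmac.compare_digest` so that a mismatch takes the same time regardless of where the strings first differ.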
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610040103.XA CN105610855A (en) | 2016-01-21 | 2016-01-21 | Method and device for login verification of cross-domain system |
CN201610040103.X | 2016-01-21 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017124922A1 true WO2017124922A1 (en) | 2017-07-27 |
Family
ID=55990393
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/070228 WO2017124922A1 (en) | 2016-01-21 | 2017-01-05 | Method and device for cross-domain system login verification |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105610855A (en) |
WO (1) | WO2017124922A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112699366A (en) * | 2021-01-08 | 2021-04-23 | 杭州米络星科技(集团)有限公司 | Cross-platform login-free secure communication method and device and electronic equipment |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105610855A (en) * | 2016-01-21 | 2016-05-25 | 北京京东尚科信息技术有限公司 | Method and device for login verification of cross-domain system |
CN107493250B (en) * | 2016-06-12 | 2020-08-04 | 阿里巴巴集团控股有限公司 | Method, client and server for authenticating webpage request |
CN115173559B (en) * | 2022-07-15 | 2023-10-17 | 国网江苏省电力有限公司 | Intelligent monitoring platform for new energy station |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2106093A1 (en) * | 2008-03-28 | 2009-09-30 | British Telecommunications Public Limited Company | Devolved authentication |
CN103179134A (en) * | 2013-04-19 | 2013-06-26 | 中国建设银行股份有限公司 | Single sign on method and system based on Cookie and application server thereof |
CN103634399A (en) * | 2013-11-29 | 2014-03-12 | 北京奇虎科技有限公司 | Method and device for realizing cross-domain data transmission |
CN105007280A (en) * | 2015-08-05 | 2015-10-28 | 郑州悉知信息技术有限公司 | Application sign-on method and device |
CN105610855A (en) * | 2016-01-21 | 2016-05-25 | 北京京东尚科信息技术有限公司 | Method and device for login verification of cross-domain system |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103546432B (en) * | 2012-07-12 | 2015-12-16 | 腾讯科技(深圳)有限公司 | Realize method and system and browser, the name server of cross-domain redirect |
CN104301418B (en) * | 2014-10-23 | 2017-12-12 | 西安未来国际信息股份有限公司 | A kind of cross-domain single login system and login method based on SAML |
CN104410650A (en) * | 2014-12-24 | 2015-03-11 | 四川金网通电子科技有限公司 | Method for authenticating user based on Session and Cookie |
- 2016-01-21 CN CN201610040103.XA patent/CN105610855A/en active Pending
- 2017-01-05 WO PCT/CN2017/070228 patent/WO2017124922A1/en active Application Filing
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112699366A (en) * | 2021-01-08 | 2021-04-23 | 杭州米络星科技(集团)有限公司 | Cross-platform login-free secure communication method and device and electronic equipment |
CN112699366B (en) * | 2021-01-08 | 2022-07-15 | 杭州米络星科技(集团)有限公司 | Cross-platform login-free secure communication method and device and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN105610855A (en) | 2016-05-25 |
Similar Documents
Publication | Title |
---|---|
US11128477B2 (en) | Electronic certification system |
US9166966B2 (en) | Apparatus and method for handling transaction tokens |
US8572689B2 (en) | Apparatus and method for making access decision using exceptions |
US8572686B2 (en) | Method and apparatus for object transaction session validation |
US8726339B2 (en) | Method and apparatus for emergency session validation |
US8572714B2 (en) | Apparatus and method for determining subject assurance level |
US8752123B2 (en) | Apparatus and method for performing data tokenization |
US11750395B2 (en) | System and method for blockchain-based multi-factor security authentication between mobile terminal and IoT device |
US8806602B2 (en) | Apparatus and method for performing end-to-end encryption |
CN103475666A (en) | Internet of things resource digital signature authentication method |
US8752157B2 (en) | Method and apparatus for third party session validation |
US20130047242A1 (en) | Apparatus and Method for Performing Real-Time Authentication Using Subject Token Combinations |
US8726341B2 (en) | Apparatus and method for determining resource trust levels |
WO2017124922A1 (en) | Method and device for cross-domain system login verification |
US8572690B2 (en) | Apparatus and method for performing session validation to access confidential resources |
US8572724B2 (en) | Method and apparatus for network session validation |
US20140223528A1 (en) | Certificate installation and delivery process, four factor authentication, and applications utilizing same |
US8584202B2 (en) | Apparatus and method for determining environment integrity levels |
CN117155716B (en) | Access verification method and device, storage medium and electronic equipment |
US8850515B2 (en) | Method and apparatus for subject recognition session validation |
CN112261103A (en) | Node access method and related equipment |
US8572688B2 (en) | Method and apparatus for session validation to access third party resources |
US8584201B2 (en) | Method and apparatus for session validation to access from uncontrolled devices |
US9159065B2 (en) | Method and apparatus for object security session validation |
CN114500074B (en) | Single-point system security access method and device and related equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17740953; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25/10/2018) |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 17740953; Country of ref document: EP; Kind code of ref document: A1 |