Login and Cookie caching
There are two common ways to store login information in a cookie: a signed cookie and a token cookie.
A signed cookie typically stores the user name, possibly a user ID, the time of the user's last successful login, and any other information the site finds useful. In addition to this user information, the signed cookie contains a signature that the server can use to verify that the information it receives has not been altered (for example, by changing the login user name in the cookie to that of another customer).
A token cookie stores a series of random bytes in the cookie as a token, and the server uses the token to look up its owner in a database. The following table shows the advantages and disadvantages of signed cookies and token cookies.
Cookie Type | Advantages | Disadvantages
Signed cookie | All information required to verify the cookie is stored in the cookie itself. The cookie can contain additional information, and that information is easy to sign | It is hard to handle signatures correctly. It is easy to forget to sign the data or to forget to verify the signature, resulting in security vulnerabilities
Token cookie | Adding information is easy. The cookie is very small, so mobile and slow clients can send requests faster | More information needs to be stored on the server. If you are using a relational database, the cost of loading and storing cookies can be higher
Here is an example written in Java
import java.util.ArrayList;
import redis.clients.jedis.Jedis;

public class Login {
    // Return the user that owns this token, or null if the token is unknown.
    public String checkToken(Jedis conn, String token) {
        return conn.hget("login:", token);
    }

    public void updateToken(Jedis conn, String token, String user, String item) {
        long time = System.currentTimeMillis() / 1000;
        conn.hset("login:", token, user);  // maintain the mapping between the token and the user
        conn.zadd("recent:", time, token); // record when the token was last seen
        if (item != null) {
            // Record the item that the owner of this token viewed at this timestamp.
            conn.zadd("viewd:" + token, time, item);
            // Trim the record so that only the 25 most recently viewed items remain.
            conn.zremrangeByRank("viewd:" + token, 0, -26);
            conn.zincrby("viewd:", -1, item);
        }
    }

    public class CleanSessionsThread extends Thread {
        private Jedis conn;
        private int limit;
        private volatile boolean quit; // set from another thread, so it must be volatile

        public CleanSessionsThread(int limit) {
            this.conn = new Jedis("localhost");
            this.conn.select(15);
            this.limit = limit;
        }

        public void quit() { quit = true; }

        @Override
        public void run() {
            while (!quit) {
                long size = conn.zcard("recent:"); // number of tokens currently tracked
                if (size <= limit) {
                    try { Thread.sleep(1000); } catch (InterruptedException e) { e.printStackTrace(); }
                } else {
                    // Remove at most 100 of the oldest tokens per pass.
                    long endIndex = Math.min(size - limit, 100);
                    String[] tokens = conn.zrange("recent:", 0, endIndex - 1).toArray(new String[0]);
                    ArrayList<String> sessionKeys = new ArrayList<>();
                    for (String token : tokens) {
                        sessionKeys.add("viewd:" + token);
                    }
                    conn.del(sessionKeys.toArray(new String[0]));
                    conn.hdel("login:", tokens);
                    conn.zrem("recent:", tokens);
                }
            }
        }
    }
}
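The signed-cookie approach described at the top of this page, as an added example that is not part of the original article: it signs the user name and login time with HMAC-SHA256 and rejects any cookie whose signature does not verify, which is the step the table warns is easy to forget. The class name SignedCookie, the cookie layout, the `|` field separator and the demo key are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignedCookie { // hypothetical class, not from the original page
    private static final String ALG = "HmacSHA256";
    private final byte[] key; // server-side secret, never sent to the client
    public SignedCookie(byte[] key) { this.key = key.clone(); }

    private byte[] mac(byte[] payload) throws Exception {
        Mac m = Mac.getInstance(ALG);
        m.init(new SecretKeySpec(key, ALG));
        return m.doFinal(payload);
    }

    // Cookie value: base64url(payload) + "." + base64url(HMAC-SHA256(payload))
    public String sign(String user, long loginTime) throws Exception {
        if (user.indexOf('|') >= 0) throw new IllegalArgumentException("'|' is the field separator");
        byte[] payload = (user + "|" + loginTime).getBytes(StandardCharsets.UTF_8);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(payload) + "." + enc.encodeToString(mac(payload));
    }

    // Returns the payload only when the signature verifies; null for anything else.
    public String verify(String cookie) throws Exception {
        String[] parts = cookie == null ? new String[0] : cookie.split("\\.", -1);
        if (parts.length != 2) return null;
        try {
            byte[] payload = Base64.getUrlDecoder().decode(parts[0]);
            byte[] sent = Base64.getUrlDecoder().decode(parts[1]);
            // MessageDigest.isEqual compares in constant time, unlike Arrays.equals.
            if (!MessageDigest.isEqual(mac(payload), sent)) return null;
            return new String(payload, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // malformed base64 is treated as a bad signature
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real key comes from a secret store.
        SignedCookie sc = new SignedCookie("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String cookie = sc.sign("alice", 1700000000L);
        // Constructed tampering case: another user's name with alice's signature.
        String forged = Base64.getUrlEncoder().withoutPadding().encodeToString(
                "bob|1700000000".getBytes(StandardCharsets.UTF_8)) + cookie.substring(cookie.indexOf('.'));
        System.out.println("genuine -> " + sc.verify(cookie));
        System.out.println("forged  -> " + sc.verify(forged));
    }
}
```

The caller must treat a null result from verify as "not logged in" and must read the user name only from the verified payload, never from the raw cookie.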