One of the soap applications, multi-point login (the first release of joy Village)

Continue with the previous article, continue to talk about soap's multi-site login, cross-domain login, and never fall asleep in the middle of the night, always thinking about this problem, get up and turn it into text. Haha
I haven't implemented this thing with code yet, but I have understood the principle clearly and it should be implemented without any problems.

First, create three functions on the server. One is that the login function requires parameter usernames, passwords, servers,
Another function is to obtain user data based on the user ID, and the third function is to log out.

Client
There are two possible reasons. One is that the user does not log on (of course, the user name, password, server code is provided to log on), and the other is already logged on elsewhere.
(Provide the login user ID and server code. We obtain the information and re-register the session under the new domain name)

It should also be two functions
One login parameter: User Name, password, server code
One is the multi-point login parameter: User ID

The principle is demonstrated below
Domain Name 1 user does not provide the user name and password for login. With the login code, we send a request to the server, and return the user name, And the password is correct.
At the same time, other useful information is returned. We put it in the session. At this time, the login site should be completed.

The user jumps from the domain name to the domain name and uses the get method to provide a user ID

Domain name 2: Check that there is no user session information under the domain name. Then, check whether the user ID is provided. If yes, send a request to the server and provide the user ID number.
At this time, a flag should be sent by the way to prove that the user sent requests from this site. To enhance security, however, dirty data may still be accepted at this time,
Because the user ID is exposed to the user, you can modify it. However, the user ID is less likely to exist. After the server obtains the user ID
At the same time, determine whether the request is sent by the correct address. If everything is normal, search for and return the relevant information. domain name 2 receives the data returned by the server, and then registers the session.

The specific situation should be modified according to the specific requirements. The user ID passed in the middle can be encrypted, and so on. However, this data still has some problems.

You can use the method mentioned in the example of passport design in the first few days. You can also use two or more libraries to coexist. However, depending on different domain names
Different information is provided.

After careful research, or think about it, we can find that this is better than passing through the pure get method, and there is very little data that can be contaminated by users. And soap Security
Now we have a long history of standardization. If we have done a good job, it would be easier to add security measures.

Writing is complete. Go to bed! There should be a lot of things about Web server. It's a long time to understand and discover more things! I made a special book, but I found network information.
The speed of lead words has far exceeded. Today I want to find a book about Python and go to Wangfujing. I can't find it!

Author: sanshi
Mail: sanshi0815@tom.com