Implement the website QR code scan loginCategory: Architecture design 2014-03-31 10:33 14613 people read reviews (6) favorite reports
When you try to use the Web version, you find that the login method is cool. Distinguish with the common user name and password of the login method, Web login only need a swipe, you can easily implement the login function.
Here's an attempt to guess a possible architecture based on an individual's understanding. In general, it is not too difficult to scan the QR code to realize the login of the website. First look at the overall architecture of the QR code login: Throughout the architecture, there are several modules: mobile app, browser, Web server, and storage Service (session service). The main flow of the program is as follows: 1) get QR code after opening weixin.qq.com entire page, the SessionID will be planted on the browser side, where SessionID and the QR code shown in the browser are mapped. As shown in the scheme's composition: The Web server receives the <1 of the browser. After obtaining the QR code > request, generate the session corresponding to this connection and the QR code image, At the same time storage sessionid and two-dimensional code image of the one by one mapping relationship (must ensure that the two-dimensional code picture and the uniqueness of the SessionID, the following process, you need to follow the QR code image to retrieve the SessionID to notify the browser to implement the login); 2) scan the QR code of the mobile app scan browser QR code image, the mobile app to complete the confirmation authorization, the mobile app login information automatically submitted to the Web server. Web Services confirm the submission of mobile phone login and other legitimate, according to the QR code to retrieve the browser link information is SessionID, and the corresponding SessionID is set to complete the login, while binding the legitimate browser side of the user login state information; 3) Notify the browser to complete the login browser how to get a timely access to the completed authorization login? In fact, there are two main solutions for this type of problem: a) Ajax asynchronous timing rotation request using this method technology to achieve low cost, pseudo-real-time, the degree of real-time depends on the frequency of the AJAX request, high-level requests will undoubtedly bring a small cost to the server, fortunately, Concurrent requests for this login scenario are not too high; b) Http Comet real-time push with comet real-time push to the scheme, as shown in scenario two, the mobile app confirms the authorization, the push service will be the browser's login information in real-time to the browser, the real-time nature of this scheme is undoubtedly the highest, In the web chat, real-time monitoring and other scenarios, the user's product experience will be very high, the problem is: high technology implementation costs. &NBSP;&NBSP;4) After the local browser binds the cookie browser to receive the notification, the schema user information is critical that the user login credentials are written to the browser's cookie, which is passed as the most basic request parameter during subsequent requests for other services; For comet push technology see: &NBSP;HTTP://WWW.IBM.COM/DEVELOPERWORKS/CN/WEB/Wa-lo-comet/ in fact, the above is wrong, I have not done similar services.
To implement the Web site QR Code scan login