Recently I am working on a scanning login function, so I also searched the internet for the implementation of scanning login. After this function is completed, I decided to sort out the entire implementation idea so that I can view it later and make it easier for other programs with similar requirements. We need to solve two problems to achieve scanning login: 1. how to solve the permission security problem without entering the user name and password? In other words, how can I let the server know that the client scanning the QR code is a legal user? 2. based on the user's choice on the client, how does the server make the corresponding response on the webpage in real time... recently I am working on a scanning login function, so I also searched the internet for the implementation of scanning login. After this function is completed, I decided to sort out the entire implementation idea so that I can view it later and make it easier for other programs with similar requirements.
To scan the QR code for logon, we need to solve two problems:
1. how to solve the permission security problem without entering the user name and password? In other words, how can I let the server know that the client scanning the QR code is a legal user?
2. how does the server respond to the webpage in real time based on the user's choice on the client?
First, let's take a look at the implementation ideas to help us understand the direction of thinking for solving this problem. The login QR code is actually a URL converted into a QR code form, and after scanning the code through the client, nothing more than open this url, I caught the QR code url for the https://login.weixin.qq.com/l/YdmTu30I5A==, ydmTu30I5A = in this url represents the unique ID of this session, which is similar to the session id in the browser. through this ID, the confirmation result can be directed to the webpage. To use the QR code logon function, you must have two prerequisites: first, you must install an app on the client. Second, you need to log on to the app. Https://wx.qq.com/
Python Web real-time message backend server push technology
Why are there two conditions? This is because when you confirm whether you are allowed to log on to the web version, you need to extract the login information of the current app and send the above session ID together to the server, in this way, after receiving the login information and sessionID, the server can confirm two things: first, the user who confirms the login client has been verified; the second is to use the session ID server to know which web page the feedback result is pushed.
So for the first point, we need to ensure that the user has been verified and valid before scanning (the authentication method can be username + password, it can also be a secure key). when you select whether to log on, push this result to the server. If the user does not verify whether the verification is legal, the user can directly tell the user that the QR code is not recognized or prompt to log on to the app first.
With identity authentication, the second problem is solved now. how can we display the feedback results on the webpage in real time? Some may say that it is easy to send a request to the backend on the client side, and the webpage uses ajax to regularly send it to the server side to check whether there is any feedback. I do not agree with this approach, because the ajax round robin method consumes a lot of client and server resources! Another technology-web real-time push technology is involved here. using push technology can save resources on servers and clients and stably push and receive any messages. In the implementation process, I used the third-party push service-GoEasy push, which is very simple to implement. other features in our project also used the GoEasy web real-time push service, so here I directly use GoEasy push to push the login feedback results to the server. My implementation steps are very simple. the transmitted session ID is used as the communication channel between the client and the webpage, and the session ID is used as the worthy channel for webpage subscription, the client sends the verification result and session ID to the server. the server can actively push the result to the Web version through this channel! If the client also needs to provide corresponding feedback, the client only needs to subscribe to this channel, and the server will push the result to both the webpage version and the client. after receiving the message, you can do what you want in the goeasy callback function as needed. About goeasy push use, you can refer to this blog: http://www.cnblogs.com/jishaochengduo/articles/5552645.html, in addition GoEasy push official website also has a demo: GoEasy QR code scan login demo, you can go to see the effect.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.