Second Life source Analysis (10) The implementation process of login authorization

In the information society, more and more things realize digitization, bring to everyone convenient at the same time, also faced with serious information security challenges. In particular, the security of personal account information, or to determine whether a person is legally logged on to the server, are extremely difficult. Especially a system like Second Life, its trading system is linked to the realization of money in life, so the verification requirements for it more stringent. The following picture shows that the logon process is being validated.   Cai Junsheng  2008/1/8 qq:9073204 Shenzhen in the Second Life, the first validation is through account and password authentication, which is the Web validation described earlier, which returns a string of Web_login_key, as follows: web_login_key= 80947d38-d91b-4a34-8c78-6a822aa95974 second authentication is to connect to another server, MAC address and hard disk partition serial number to verify that only one user logged in, and this user is legitimate. Connect to the url:https://login.agni.lindenlab.com/cgi-bin/login.cgi of the server, and then exchange information through XMLRPC Communication, implementing the Code as follows: #001  guserauthp- >authenticate (#002                Sauthuris[sauthurinum].c_str (), #003                 auth_method.c_str (), #004                 firstname.c_str (), #005                 lastname.c_str (), #006       &Nbsp;        Web_login_key, #007                 start.str () c_str (), #008                 gskipoptionalupdate, #009                 Gaccepttos, #010                 Gacceptcriticalmessage, #011                 Gviewerdigest, #012                 Glastexecfroze, #013                 requested_options, #014                 hashed_mac_string, #015                 llappviewer::instance ()->getserialnumber ());   After the success of this verification, will return to agent_id, session_id, secure_session_id, Sim_ip,sim_port and other information. The third verification, is the above agent_id, session_id, secure_session_id and other information sent to the simulation server for verification to log in. The Sim_ip,sim_port returned from the last Test will know that you can log on to that analog server, which can also achieve dynamic load balancing. When the above three verification is valid, you can log on to the simulation server, start downloading the map data, role data, and so on. Because the logon process is also relatively long, in order to allow users to see the picture as soon as possible, in the second Life to save the final exit software when the scene picture, it is saved in the customer's hard drive, so loaded it to show is relatively fast, but also let users recall the last moment is there. This kind of realization is more humanized design.