Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

H5 non-login user session tracking method

A non-login, user-friendly technology, applied in electrical components, transmission systems, etc., to protect service capabilities, protect information security and operational security, and improve interception rates

Active Publication Date: 2020-03-27
BANK OF COMMUNICATIONS
View PDF7 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The disadvantage of this scheme is that once the token is leaked within the validity period of the session, the attacker can use the token to forge the identity of the real user to initiate a request, which has certain risks.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • H5 non-login user session tracking method
  • H5 non-login user session tracking method
  • H5 non-login user session tracking method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0034] see figure 1 , figure 1 It is a flow chart of data interaction of a H5 user session tracking method for unlogged-in users in the embodiment of the present invention. The system on which the present invention is based is a system including a Web server, a client, and a server in the existing H5 technology, and the client is provided with a client browser. The server of the present invention adopts a two-layer structure architecture design, that is, a gateway server is added between the conventional Web server and the client browser, which is used to provide the user access entry address, create and manage user sessions, generate and maintain a one-time operations such as tokens.

[0035] The method of the present invention generates an entry link address of "creating a user session" through the server. This address is the entry of all subsequent H5 services. The request to access this address needs to be authenticated by the server. Forged requests cannot be verified b...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an H5 non-login user session tracking method. the method comprises: a server adopting a two-layer architecture design; the server generating an entry link address for creatinga user session; wherein the address is an entrance of all subsequent H5 services; a request for accessing the address needing to be authenticated by the server; after the user session is successfullycreated, the server issuing a one-time token to the client; wherein the token is used for user identity confirmation in the subsequent request process, sending the token to the server side along withthe user request, the token being immediately invalid after the server side passes the verification, and then the server side creating a new token and issuing the new token to the user for the next request to confirm the identity of the user. Compared with the prior art, effective user login can be realized in a scene that a client browser cannot provide user password input or other identity authentication capabilities, the illegal request interception rate of malicious attackers can be improved, and the development cost and the maintenance cost are reduced.

Description

technical field [0001] The present invention relates to the technical field of H5-based server-client sessions, and in particular to a method for tracking sessions of H5 unlogged-in users. Background technique [0002] Due to the stateless nature of the HTTP protocol, applications built with H5 technology usually use server-side session (Session) combined with client-side session (Cookie) to identify users and maintain session state. This technology requires users to log in through a password or other authentication methods to create a session, and session data cannot be recorded for users who are not logged in. However, in some application scenarios, the user login operation cannot be completed on the H5 page due to business processes or security reasons. In order to solve the problem of user login, most of the existing technologies use the H5 password control, the browser client password control or the token technology to realize user identification. [0003] There are m...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/0807H04L63/083H04L63/0884H04L67/02H04L67/141
Inventor 陈胤陈鹏
Owner BANK OF COMMUNICATIONS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com