java - 单点登录ticket怎么保存在服务端,怎么发送给用户?
ringa_lee2017-04-17 18:02:25
There are many solutions:
1. The user logs in through the single sign-on server. After successful login, the single sign-on server assigns a ticket to the user. Then the single sign-on server uses the ticket as the key and the username as the value, and stores them in redis. Determine whether the user session is valid by determining whether the key is valid.
A subsequent service will send a ticket to the single sign-on server to verify whether the ticket is valid and determine whether the user is logged in.
But there will be a problem. A certain user can log in continuously, so the single sign-on server will store the ticket in redis every time. Although the ticket has an expiration time, it may be stored in redis in a short period of time. Write a large number of tickets.
2. Put it in a cookie and pass it to the client through cookies. If it is disabled by the client browser, it cannot be used. 3. Bind to session.
