How to implement code scanning login in redis

Requirement introduction

First of all, let’s introduce what scanning code login is. Now, most students have QQ, Taobao, Tmall and other software installed on their mobile phones. The companies that develop these apps have their corresponding websites. In order to make login more convenient and secure for users when using their website. These companies provide services where you can log in using your mobile phone by scanning. The effect when logging in to the web page is as follows:

Many friends may find it strange that the web page only displays a QR code. How does it know which mobile phone scanned the QR code and logged in? Moreover, after the login is completed, the user information can be directly displayed to the user, which is really amazing.

Principle explanation

Web page server

The next step is the detailed implementation of this service. When a user opens the website login page, a request will be sent to the browser server to obtain the login QR code. This is the principle.

After the server receives the request, it randomly generates a uuid, stores this id as a key value in the redis server, and sets an expiration time. After expiration, the user's login QR code needs to be refreshed and reacquired. At the same time, combine this key value with the company's verification string, and generate a QR code image through the QR code generation interface (QR code generation, there are many ready-made interfaces and source codes on the Internet, which will not be introduced here. .) Then, return the QR code image and uuid to the user's browser.

The browser will periodically send requests to the server to check whether the login is successful. These requests include QR code and UUID information. The request carries uuid as the identifier of the current page. Some students may be confused because the server only stores UUID as a key in Redis, so where does the user's ID information come from?

There will indeed be user ID information here. This ID information is stored in redis by the mobile server.

Mobile Server

When the browser obtains the QR code, it displays it on the web page and prompts the user: "Please take out your mobile phone and open Scan to log in ". The user takes out his mobile phone and scans the QR code to get a verification information and a uuid (the function of scanning the QR code to obtain a string also has many demos on the Internet, so I will not introduce it in detail here).

Since the mobile terminal has already logged in, when accessing the mobile terminal server, the parameters will carry a user's token, and the mobile terminal server can parse it to the user's userId (here the value is obtained from the token) Instead of transmitting the userid directly on the mobile phone, it is for security. Directly transmitting the userid may be intercepted and modified. The token is encrypted, so the risk of modification will be much smaller).

The mobile phone uses the parsed data and the user token as parameters to send a verification login request to the server (the server here is the mobile server, and the mobile phone server is not the same server as the web server). After receiving the request, the server will first compare the verification information in the parameters to confirm whether it is the interface requested by the user to log in. If so, return a confirmation message to the mobile phone.

When the mobile phone receives a response, the login confirmation box should be displayed to avoid user misoperation and improve the login experience. After the user confirms that the login operation is carried out, the mobile phone sends the request again. After the server gets the uuId and userId, it stores the user's userid as the value in a key-value pair in redis with uuid as the key.

Login successful

Then, when the browser sends a request again, the browser-side server can get a user ID, call the login method, and sound it into a browser-side token, and then When the browser sends the request again, the user information is returned to the browser and the login is successful. We choose to store user IDs rather than store user information directly because the user information on the mobile phone and the browser may not be exactly the same.

The login schematic diagram is as follows:

##

The above is the detailed content of How to implement code scanning login in redis. For more information, please follow other related articles on the PHP Chinese website!