Just implement an encryption method yourself. (Algorithms such as summary algorithms that do not require inverse solutions are sufficient) Then obtain the main hardware of the computer where the project is deployed, such as the motherboard, network card, hard drive, etc., use these data to calculate a value in the project, and fill it in with the user If the entered keys are relatively the same, the formal project will be started. If they are different, you will be prompted to fill in the key. mac地址 As for how to obtain the other party's hardware information, it's up to you. For example, just ask the comrade who deployed the project to send it back to you, and then you use that calculation to calculate a key and send it back.
You generate a key yourself and distribute it everywhere.
For example, build another web service, use this machine to generate a batch
and distribute it. Then after the project is started, first request this server to perform the verification. The server will verify whether the key exists, whether it has been used, and send the used one. Is the key machine the same machine as the first activation? (Just use the same irreversible algorithm) UUID Or even simpler, use a pseudo-random algorithm (reversible algorithm). A batch of keys can be calculated based on the seed, and the seed can be decoded for each key. Decrypt the input key when the project is started to determine whether it is the seed.
The premise is that you have already given this key to the customer through other means.
Verify whether the access is illegal through strong verification such as cookie判断是否已经登陆,如果验证比较严谨,你这种按授权来的也可以加些ip地址,macaddress, after all, your customer base is probably not the general public.
The authorized usage period, you said it is calculated on a one-month basis, and some advanced customers may calculate it on a half-year basis, so this is decided when generating. You can use redis to store your For this redis存储你的这个key,可以设置过期时间,每次访问从cookie取key(多数是要加密的),根据key可以去redis, you can set the expiration time, and get
from cookie for each visit (most of them need to be encrypted). According to
, you can go to redis to get the remaining authorization time.
springmvc
If you fail to verify the key and access any page, you must jump back to the page where you entered the key. The question has a
tag, so you should know that the requests are intercepted and then processed before jumping. You should have an idea.
I don’t know how your key and user are bound. It should be the user's unique identifier. The unique identifier and key of the matching user can be stored in the database or cache to determine whether the user has permission. As for page jumps, a filter is enough.
You can generate a secret key after logging in successfully, store it in a cookie and set the cookie expiration date. Verify it every time you refresh the web page. This is a relatively simple method
In the absence of other external certificates, what is the difference between the subject's requirement and "record the login status for a period of time after logging in using the username and password"?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Simply speaking, there are two types
Generate key based on the other party’s machine.
Just implement an encryption method yourself. (Algorithms such as summary algorithms that do not require inverse solutions are sufficient)
Then obtain the main hardware of the computer where the project is deployed, such as the motherboard, network card, hard drive, etc., use these data to calculate a value in the project, and fill it in with the user If the entered keys are relatively the same, the formal project will be started. If they are different, you will be prompted to fill in the key.
mac地址As for how to obtain the other party's hardware information, it's up to you. For example, just ask the comrade who deployed the project to send it back to you, and then you use that calculation to calculate a key and send it back.
For example, build another web service, use this machine to generate a batchand distribute it. Then after the project is started, first request this server to perform the verification. The server will verify whether the key exists, whether it has been used, and send the used one. Is the key machine the same machine as the first activation? (Just use the same irreversible algorithm)
UUIDOr even simpler, use a pseudo-random algorithm (reversible algorithm). A batch of keys can be calculated based on the seed, and the seed can be decoded for each key.Decrypt the input key when the project is started to determine whether it is the seed.
-
, you can go to -
tag, so you should know that the requests are intercepted and then processed before jumping. You should have an idea.
🎜 🎜The premise is that you have already given this
keyto the customer through other means.Verify whether the access is illegal through strong verification such as
cookie判断是否已经登陆,如果验证比较严谨,你这种按授权来的也可以加些ip地址,macaddress, after all, your customer base is probably not the general public.The authorized usage period, you said it is calculated on a one-month basis, and some advanced customers may calculate it on a half-year basis, so this is decided when generating.
fromYou can use
redisto store your For thisredis存储你的这个key,可以设置过期时间,每次访问从cookie取key(多数是要加密的),根据key可以去redis, you can set the expiration time, and getcookiefor each visit (most of them need to be encrypted). According toredisto get the remaining authorization time.
If you fail to verify the key and access any page, you must jump back to the page where you entered the key. The question has aspringmvcI don’t know how your key and user are bound. It should be the user's unique identifier. The unique identifier and key of the matching user can be stored in the database or cache to determine whether the user has permission. As for page jumps, a filter is enough.
You can generate a secret key after logging in successfully, store it in a cookie and set the cookie expiration date. Verify it every time you refresh the web page. This is a relatively simple method
In the absence of other external certificates, what is the difference between the subject's requirement and "record the login status for a period of time after logging in using the username and password"?
Thank you for your replies, but I'm sorry that I can only accept one answer.