1.背景条件
- 两个系统A和B
- A为主,B为次
- 登录入口是A
2.共享登录逻辑流程(不使用session)
- A登录时,生成一个随机码token,例如UUID
- 将token做为key,userId做为value,存入redis,设置过期时间
- 将token存入cookie,设置过期时间,设置domain
- A,B系统通过cookie获取token,然后从redis获取userId
- 注销时,删除redis中的token,删除cookie
3.session共享逻辑流程(使用session)
- A登录时,将信息存入session,然后生成一个随机码token,例如UUID
- 将token做为key,session做为value,存入redis,设置过期时间
- 将token存入cookie,设置过期时间,设置domain
- A,B系统通过cookie获取token,然后从redis获取session
- 判断从redis获取的session和原来的session是否一致,若不一致,则需要覆盖原来的session(主要为了防止重复覆盖和session不一致)
- 注销时,删除redis中的token,删除cookie
代码举例(第二种)
- A系统 login:
// 系统session
session.set("userId","firetw");
...
// session信息存入map
Map<String,String> sessionMap = new HashMap<String, String>();
sessionMap.put("userId","firetw");
...
HttpServletResponse response = ServletActionContext.getResponse();
// 随机token
String token=UUID.randomUUID().toString().toLowerCase().replace("-", "");
// userId存入redis
RedisUtil.setString("token_"+token, bean.getUserId(), pcExpire);
// sessionMap存入redis
RedisUtil.setMap("session_"+token, sessionMap, pcExpire);
//token存入cookie
Cookie cookie = new Cookie("wx_token", token);
cookie.setPath("/");
cookie.setDomain(".zpfdomain.com");
cookie.setMaxAge(pcExpire);
response.addCookie(cookie);
- A,B系统公用sessionUtils
/**
* 把redis中的sessionMap复制到appSession中
* @param request
* @param appSession
*/
public static void initSession(HttpServletRequest request, AppSession appSession) {
Map<String, String> sessionMap = SessionUtils.getSessionMap(request);
if (MapUtils.isEmpty(sessionMap)) {
appSession.set(PageParamConstant.LOGIN_ID, "");
} else {
if (!sessionMap.get(PageParamConstant.LOGIN_ID).equals(appSession.getStringValue(PageParamConstant.LOGIN_ID))) {
appSession.set(PageParamConstant.LOGIN_ID, sessionMap.get(PageParamConstant.LOGIN_ID));
appSession.set(PageParamConstant.PASSWORD,DesCodeUtil.encrypt(sessionMap.get(PageParamConstant.PASSWORD)));
}
}
}
/**
* 从redis中获取session
* @param request
* @return
*/
@SuppressWarnings("unchecked")
public static Map<String, String> getSessionMap(HttpServletRequest request) {
String token = getToken(request);
Map<String, String> sessionMap = RedisUtil.getMap("session_"+token);
return sessionMap;
}
/**
* 获取cookie中的token
* @param request
* @return
*/
public static String getToken(HttpServletRequest request) {
String token = "";
Cookie c = CookieTool.getCookieByName(request, "wx_token");
if (c != null) {
token = c.getValue();
}
return token;
}
/**
* 根据名字获取cookie(接口方法)
*
* @author
* @param request
* @param name
* cookie名字
* @return
*/
public static Cookie getCookieByName(HttpServletRequest request, String name) {
Map<String, Cookie> cookieMap = ReadCookieMap(request);
if (cookieMap.containsKey(name)) {
Cookie cookie = (Cookie) cookieMap.get(name);
return cookie;
} else {
return null;
}
}
/**
* 将cookie封装到Map里面(非接口方法)
*
* @author
* @param request
* @return
*/
private static Map<String, Cookie> ReadCookieMap(HttpServletRequest request) {
Map<String, Cookie> cookieMap = new HashMap<String, Cookie>();
Cookie[] cookies = request.getCookies();
if (null != cookies) {
for (Cookie cookie : cookies) {
cookieMap.put(cookie.getName(), cookie);
}
}
return cookieMap;
}
- 注销 logout
Cookie[] cookies = httpServletRequest.getCookies()
String wx_token=""
for (Cookie cookie : cookies) {
if("wx_token".equals(cookie.getName())){
wx_token = cookie.getValue()
RedisUtil.removeKey("token_"+wx_token)
RedisUtil.removeKey("session_"+wx_token)
// 销毁cookie
HttpServletResponse response = ServletActionContext.getResponse()
cookie.setMaxAge(0)
// 必须要设置,否组浏览器不会删除cookie
cookie.setPath("/")
cookie.setDomain(".zpfdomain.com")
response.addCookie(cookie)
}
}