The article examines a single sign‑on loop‑login problem caused by Secure‑flagged cookies being set over HTTP, explains how missing tokens trigger endless redirects, and recommends enforcing HTTPS or using a non‑Secure auxiliary token to break the redirect cycle.
This article explains the concepts, formats, common problems, and testing applications of cookies, sessions, and tokens, helping readers grasp how these mechanisms work together to manage authentication and state in web applications.
This article explains the evolution from basic web cookies to session management, explores domain sharing, details cookie‑session architecture, introduces single sign‑on methods, and compares the traditional session approach with JWT token authentication, highlighting their advantages, limitations, and implementation considerations.
This article explains the stateless nature of HTTP, introduces session and cookie mechanisms for single‑system login, discusses the challenges of multi‑system applications, and provides a step‑by‑step guide with Java code to implement Single Sign‑On (SSO) including login, token verification, global and local sessions, and coordinated logout.
This guide explains how to implement QQ login using the official OAuth2.0 flow, covering developer registration, creating a website application, obtaining the authorization code, access token, and OpenID, and finally calling the get_user_info API to retrieve user details.
This article explains how to build a QR code login feature for web applications by coordinating mobile and web servers, generating UUIDs, storing temporary data in Redis, and polling for authentication, providing a practical step‑by‑step guide with diagrams.
This article explains the end‑to‑end implementation of QR‑code login, covering how a web page requests a QR image, how the server stores a UUID in Redis, how a mobile app scans the code and validates the user, and how the browser finally receives a token to complete authentication.
This article explains the technical principles and step‑by‑step implementation of QR code login used by major platforms like WeChat and Taobao, covering server‑side UUID generation, Redis storage, token exchange, client polling, JSONP handling, and concrete code examples.
This article explains the technical principles and step‑by‑step implementation of QR‑code login, covering both the web‑client and server sides, with detailed examples from WeChat and Taobao, including request flows, Redis usage, token handling, and JavaScript code snippets.
This article explains the technical workflow of QR code login, covering the generation of UUIDs, QR images, server‑side Redis storage, mobile‑side token verification, long‑polling mechanisms, and the concrete implementations used by WeChat and Taobao, providing a complete reference for developers building similar authentication features.
This article explains the technical principles behind QR code login, detailing the client‑server interaction, UUID generation, Redis storage, long‑polling, and token handling, and illustrates the implementation with real‑world examples from Taobao and WeChat, including code snippets and flow diagrams.
This article reviews the historical development, current practices, and future direction of web authentication, covering traditional password login, third‑party protocols like OpenID and OAuth2.0, two‑factor authentication methods, and the emerging password‑less WebAuthn standard.
This tutorial walks through a complete Spring Boot demo that sets up Maven dependencies, creates Thymeleaf front‑end pages (home, login, hello), implements a main Application class, a HomeController, and a WebSecurityConfig to secure the application with in‑memory authentication, illustrating how to protect URLs, configure a custom login page, and enable logout functionality.
This comprehensive article explores the business need for Single Sign-On, explains its internal ticket‑based mechanisms, presents detailed Web‑SSO and desktop SSO implementations with full source code, analyzes security and performance risks, and offers step‑by‑step deployment guidance for Java/J2EE environments.
