WO2016179348A1 - Method, device and server for managing user login sessions - Google Patents
- Authority
- WO
- WIPO (PCT)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
Definitions
- the present disclosure relates to the technical field of Internet technology, and particularly to a method, device and server for managing user login sessions.
- a legitimate user can log into a website through a computing device using the user's username and password.
- An illegitimate user may steal the user's password when the user logs into a website via a PC, and the illegitimate user may keep the legitimate user's login session on the computing device active by periodically refreshing the web page, which refreshes a login timestamp.
- the login session can be kept active by refreshing the webpage to refresh the login timestamp.
- the login session may be kept open by the illegitimate user even if the legitimate user changes the login password.
- the illegitimate user can still refresh the login session timestamp by refreshing the page to keep the login session, and login status, active despite the legitimate user's password change.
- the illegitimate user can keep the login session, and status, active without the legitimate user's knowledge or permission.
- Embodiments of the present disclosure seek to address failings in the art and to provide a capability to effectively manage the login status of a legitimate user's login session(s).
- each login session created by logging in using a legitimate user's user identifier (UID) can be effectively managed using a login session queue.
- each login session that has been started by logging in using the legitimate user's UID can remain under the control of the legitimate user, thus avoiding any login security issues for the legitimate user in connection with the user's UID.
- a method for managing user login sessions using a server is provided.
- the method comprises querying, using a server computing device and a user ID (UID), to detect whether a login session queue corresponding to the user ID exists in a session cache list, the querying being performed after a successful login of the user with the user ID via a login medium; managing, using the server computing device, the user's login status through the login session queue, if the querying detects that the login session queue corresponding to the user ID exists in the session cache list; and storing, using the server computing device, a session ID in a login session queue corresponding to the UID in the session cache list if the querying detects an absence of the login session queue corresponding to the user ID in the session cache list.
- a server computing device for managing user login sessions.
- the server computing device comprising a query module querying, using a user ID, to detect whether a login session queue corresponding to the user ID exists in a session cache list, the querying being performed after a successful login of the user with the user ID via a login medium; a managing module managing the user's login status through the login session queue, if the query module detects that the login session queue corresponding to the user ID exists in the session cache list; and a first storage module storing a session ID in a login session queue corresponding to the UID in the session cache list if the query module detects an absence of the login session queue corresponding to the user ID in the session cache list.
- a server comprising a processor and a storage medium for tangibly storing thereon program logic for execution by the processor, the stored program logic comprising: querying logic executed by the processor for querying, using a user ID, to detect whether a login session queue corresponding to the user ID exists in a session cache list, the querying being performed after a successful login of the user with the user ID via a login medium; managing logic executed by the processor for managing the user's login status through the login session queue, if the querying detects that the login session queue corresponding to the user ID exists in the session cache list; and storing logic executed by the processor for storing a session ID in a login session queue corresponding to the UID in the session cache list if the querying detects an absence of the login session queue corresponding to the user ID in the session cache list.
- embodiments of the present disclosure query, according to the UID, whether there is any existing login session queue corresponding to the UID in the session cache list; if so, the user login status is managed through the login session queue, so that the login status created with a UID can be effectively managed by the legitimate user through the login session queue, and thus any security issues can be prevented for the legitimate user under the circumstance that the login status created with a UID is beyond the legitimate user's control.
- FIG. 1 is a flow diagram of the method for managing user login sessions according to one exemplary embodiment of the present disclosure.
- FIG. 2 is a flow diagram of the method for managing user login sessions according to another exemplary embodiment of the present disclosure.
- FIG. 3 is a flow diagram of the method for managing user login sessions according to yet another exemplary embodiment of the present disclosure.
- FIG. 4A is a flow diagram of the method for managing user login sessions according to yet another exemplary embodiment of the present disclosure.
- FIG. 4B is a flow diagram of a means of realization in accordance with step 402 in the embodiment as shown in FIG. 4A.
- FIG. 5 is a scene graph of the user login session management according to an exemplary embodiment of the present disclosure.
- FIG. 6 illustrates a schematic view of the structure of a server according to an exemplary embodiment of the present disclosure.
- FIG. 7 illustrates a schematic view of the structure of a device for managing user login sessions according to one exemplary embodiment of the present disclosure.
- FIG. 8 illustrates a schematic view of the structure of a device for managing user login sessions according to another exemplary embodiment of the present disclosure.
- FIG. 9 illustrates a schematic view of the structure of a device for managing user login sessions according to yet another exemplary embodiment of the present disclosure.
- FIG. 10 illustrates a schematic view of the structure of a device for managing user login sessions according to yet another exemplary embodiment of the present disclosure.
- although terms such as "first", "second" and "third" may be used herein to describe all kinds of information, the information shall not be limited to the connotation of these terms. These terms are only used to distinguish the information of the same type among each other.
- a first information can be called a second information, and similarly a second information can be called a first information. It is determined by the context, e.g., the word "if" used herein can be interpreted as "when", "while" or "in response to the determination".
- a login session is a process which can begin with the user successfully logging in and can end with the user logging off or with a session expiration, the latter of which can be due to a login timeout.
- an SID identifying a login session corresponding to the user's login can be generated, and the SID can be used to track the login session corresponding to the user's login.
- the present disclosure queries, using the user's UID and after the user has successfully logged in with the UID through a login medium, whether there is any existing login session queue corresponding to the UID in the session cache list. If there is a login session queue
- the user's login status is managed using the login session queue.
- the status of a legitimate user's login with the user's UID can be effectively managed by the legitimate user through the login session queue, and thus any security issues can be prevented for the legitimate user, including the circumstance in which the status of the user's login with the user's UID would otherwise be beyond the legitimate user's control.
- FIG 1 is illustrative of a flow diagram of a method for managing user login sessions in accordance with an exemplary embodiment of the present disclosure.
- the session cache list is queried using the user's UID after the user has successfully logged in with the UID via a login medium to detect whether there is any existing login session queue corresponding to the UID in the session cache list. If a login session queue is detected in the session cache list, step 102 is executed. If a login session queue is not detected in the session cache list, step 103 is executed.
- Examples of login mediums include a PC, a mobile phone, or a tablet, etc.
- the UID can be the user's username used to log in to a website.
- hanmei2015 is the UID registered by Han Mei on the AAA portal site, and Han Mei can log into the AAA portal site with the UID.
- Han Mei can log into the AAA portal site through a PC browser, as well as a mobile phone browser.
- the session cache list can be implemented through a
- an SID can be created for this login and a mapping relationship between the UID and the SID can be established and stored in the session cache list in a login session queue corresponding to the UID.
- a UID corresponds to a login session queue, in which the corresponding login medium (e.g., a PC, a mobile phone, a tablet, etc.), IP address, time and browser information (e.g., browser name, version number, etc.) of each login to the AAA portal site with the UID can be recorded; if the storage capacity of the login session queue is adequate, the login session queue can record all the login history about when and through what login medium the user logged into the AAA portal site with the UID.
- in step 102, which is performed if the querying performed in step 101 detects a login session queue corresponding to the UID in the session cache list, the user's login status is managed using the login session queue corresponding to the UID detected in the session cache list, and the process ends.
- management of the login session queue can be implemented by determining whether the size of the login session queue exceeds a predetermined threshold. In another embodiment, management of the login session queue can be implemented by determining whether the storage duration of each SID in the login session queue exceeds a predetermined storage cycle. In yet another embodiment, each currently active login session in the login session queue can also be managed based on the login permission settings set by the user.
- Han Mei personally logs into the AAA portal site with the UID hanmei2015 and this is not the first time that the hanmei2015 UID has been used by Han Mei to log in to the AAA portal site.
- a login session queue corresponding to the hanmei2015 UID exists in the session cache list, and the current login session and a login session history of other logins to the AAA portal site with the hanmei2015 UID can be stored in the login session queue.
- Han Mei logs into the AAA portal site with the hanmei2015 UID on a public computer but forgets to log out.
- An illegitimate user Li Ming continues the login session, which began with Han Mei logging in to the AAA portal site with Han Mei's UID on the public computer. As discussed herein, Li Ming can continue the login session by performing a web page refresh, for example.
- After Han Mei is home and logs in to the AAA portal site with the hanmei2015 UID again, Han Mei can manage the login status of a login session, including the one currently being kept active by Li Ming on the public computer, through the login session queue corresponding to the hanmei2015 UID. If the login session queue indicates that Han Mei remains logged in to the AAA portal site with the hanmei2015 UID on the public computer, Han Mei can log out of the AAA portal site on the public computer, which results in the illegitimate user Li Ming being prevented from continuing to use Han Mei's login session into the AAA portal site.
- each login session created using the UID hanmei2015 can be effectively managed by Han Mei using the login session queue, and thus any security issues can be eliminated, including the security issues associated with Han Mei's login session created with the hanmei2015 UID, which login session's status would otherwise be beyond her control.
- in step 103, which is performed if the querying performed in step 101 detects an absence of a login session queue corresponding to the UID in the session cache list, the SID corresponding to the current login of the user is stored in a login session queue in the session cache list, and the process ends.
- Han Mei logs in to the AAA portal site with the hanmei2015 UID for the first time, which is the first UID that Han Mei uses.
- an SID is created for the login session associated with Han Mei's login with the hanmei2015 UID, and the SID is stored in a login session queue.
- the login session queue can be used to manage the login status of each login session associated with a login using the hanmei2015 UID.
- At least one embodiment provided herein queries, using a UID, whether there is any existing login session queue corresponding to the UID in the session cache list and manages the user login status through the login session queue if an existing login session queue is detected.
- the at least one embodiment enables legitimate users to effectively manage, through the login session queue, the login status of each login session created by the user logging in with the UID. Furthermore and in accordance with at least one embodiment, any security issues can be prevented or eliminated for a legitimate user, even in a case that a login session created with the UID would otherwise be beyond the legitimate user's control.
- FIGs. 2 and 3 illustrate a storage capacity management of a login session queue in accordance with one or more embodiments of the present disclosure.
- FIG 2 provides a flow diagram illustrating a method for managing user login sessions in accordance with at least one exemplary embodiment of the present disclosure.
- storage capacity of a login session queue can be managed by deleting an SID in the login session queue.
- the method in the example shown in FIG. 2 comprises steps 201-204.
- in step 201, a determination is made whether a size of a login session queue exceeds a predetermined threshold. If the login session queue's size exceeds the predetermined threshold, processing continues in step 202. If the login session queue's size does not exceed the predetermined threshold, processing continues in step 204.
- an SID corresponding to each login session is created to record the login actions involving Han Mei's hanmei2015 UID.
- the threshold corresponding to the size of Han Mei's login session queue can be set to a value, such as and without limitation a value of 50, so that Han Mei's login session queue can record Han Mei's login status on the AAA portal site in connection with 50 logins using the hanmei2015 UID.
- the predetermined threshold used in accordance with at least one embodiment of the present disclosure can be reasonably determined based on various factors, such as and including user login frequency, a user rating (e.g., a login rating represented by stars, i.e., one-star, two-star, etc.), a user type (e.g., enterprise user and individual user) and a storage capacity of the cache list.
- each invalid login session in the login session queue is identified and each login session identified as being invalid is deleted from the login session queue, if the size of the login session queue exceeds the predetermined threshold.
- Each invalid login session deleted from the login session queue in step 203 is stored in a first database. In one embodiment, by storing the invalid login sessions in the first database, the user can query the login status history of his/her own UID on any login medium (e.g., a PC) in the first database when the user wishes to do so. Processing ends in step 203.
- an invalid login session in the login session queue can be determined according to preset conditions. For example, if a user's invalid login sessions are determined by the user's login time, the oldest login sessions can be deleted. As yet another example, a user's invalid login sessions can be determined by a predetermined login medium set by the user. For example, Han Mei logs into the AAA portal site with the hanmei2015 UID, and her favorite login medium is a PC. Therefore, Han Mei can set a predetermined login medium to be the PC and indicate that any login sessions with the hanmei2015 UID generated using a mobile device are to be deleted.
- in step 204, the SID corresponding to a specific login is stored in the login session queue, if the predetermined threshold has not been exceeded, and the process ends.
- any invalid login sessions are deleted from the login session queue, so as to promptly clear the invalid login sessions in the login session queue and reduce the storage space of the session cache list by the space occupied by the invalid login session(s).
- FIG 3 provides a flow diagram illustrating a method for managing user login sessions in yet another exemplary embodiment of the present disclosure.
- storage capacity of a login session queue can be controlled by deleting an SID in the login session queue using a storage cycle.
- the method in the example shown in FIG. 3 comprises steps 301-305.
- a storage duration of each SID in the login session queue is determined. In one embodiment, if the storage cycle is, for example, set to be 1 month, each SID in the login session queue with a storage duration exceeding 1 month is regarded as an invalid login session.
- In step 302, each SID in the login session queue that has a storage duration not exceeding the storage cycle is considered to be an active SID in the login session queue.
- In step 303, each SID identified as being active in step 302 is stored in a second database.
- in steps 302 and 303, by storing the active SID in the second database, when the user wishes to perform a password change, the user's active SID can be obtained from the second database.
- Each of the active login sessions that is to be deleted in accordance with the user's login permission settings can be deleted, and each active login session that is permitted by the login permission settings can be maintained.
- the user is able to maintain a plurality of login sessions with the same UID on the same login medium (e.g., a PC) in accordance with the login permission settings in a Browser/Server mode (B/S mode).
- the user is also able to permit only one login with the same UID via the same login medium.
- the user is able to flexibly manage the login status of his/her UID.
- each login session in the login session queue exceeding the storage cycle is determined to be an invalid login session in the login session queue.
- each invalid login session is stored in the first database.
- in steps 304 and 305, by storing the invalid login session in the first database, regarded as a security information platform, when it is desirable to ascertain the login status of all of the user's login sessions, the user's invalid login sessions can be obtained from the first database. Furthermore, when it is desirable to penalize an illegitimate user, any UIDs of the illegitimate user can be taken back, so that the illegitimate user's UIDs can no longer be used by the illegitimate user, and the login status of the illegitimate user can be revoked.
- each SID having a storage duration exceeding the predetermined storage cycle can be deleted from the login session queue, so as to promptly clear the invalid login sessions in the login session queue and reduce the storage space occupied by the invalid login sessions.
- the embodiments shown in FIGs. 2 and 3 can be combined, so that all of a user's login sessions can be stored.
- the storage capacity of the cache list can be maintained within a certain range. For example, if the number of active users of the AAA portal site each day is 50,000,000, then for the AAA portal site, the required storage capacity of the server is: (50,000,000 users) * (the login times per day per user) * (the storage space every login session occupies), which means that a storage capacity of at least 1024G is required.
- the storage capacity of the session cache list can be reduced and the management of all the user logins of the AAA portal site can be implemented by the prompt deletion of SIDs in the login session queue.
- the security management of a user's login status is undertaken in the Client/Server mode (C/S mode).
- the instant messaging tool QQ only allows one login for a login medium (e.g., a PC), and other logins from the same medium (i.e., other PCs) would be forced offline; the same UID cannot be flexibly used to simultaneously perform a plurality of logins and remain online via the same login medium.
- Embodiments of the present disclosure are based on the B/S mode, in which the same UID can be used for a plurality of logins via the same login medium based on the user's login permission settings. Please refer to the exemplary embodiments shown in FIGs. 4A and 4B.
- FIG 4A provides a flow diagram illustrating a method for managing user login sessions according to yet another exemplary embodiment of the present disclosure.
- the exemplary embodiment shown in FIG 4A comprises steps 401 and 402.
- the user's login permission settings are determined after determining that the user is performing a password change via the current login medium.
- Han Mei's login permission settings can be set according to her actual login preference. For example, Han Mei can set simultaneous logins in the office and at home as permitted through the IP address, as well as simultaneous logins on two mobile phones based on the login medium, and so on.
- Han Mei can set login permission according to login medium (e.g., a PC, a mobile phone, a tablet, etc.), IP address, time and browser information (e.g., browser name, version number, etc.) to be recorded in the login session queue, so that Han Mei can have personalized login permission settings.
- in step 402, the active login sessions in the login session queue are managed based on the user's login permission settings.
- Han Mei's login permission settings specify that only certain IP addresses from the office and home are permitted.
- the login session is deleted, forcing the illegitimate user offline, thereby enabling Han Mei to have control over logins from the different IP address, and avoiding any login security issues.
- FIG 4B provides a flow diagram illustrating an implementation in accordance with step 402 in the embodiment as shown in FIG 4A, wherein step 402 may comprise steps 411 and 412 of Figure 4B.
- each currently active login session in the login session queue is identified.
- each currently active login session that is permitted by the user's login permission settings is kept and each currently active login session that is not permitted by the user's login permission settings is deleted.
- Han Mei sets the school IP address as unpermitted, thus, when it is detected that the school IP address is recorded in the login session queue, the SID of login at the school IP address will be deleted, so that Li Lei's school login status is deleted and Li Lei is forced offline.
- the login session associated with Li Lei logging in to the AAA portal site through the school IP address can be within Han Mei's control and Han Mei's management of her login status is improved.
- the login permission can be set according to login media (e.g., a PC, a mobile phone, a tablet, etc.), IP address, time and browser information (e.g., browser name, version number, etc.) corresponding to the UIDs recorded in the login session queue, thereby personalizing login permission settings according to the preset login permission settings, improving the flexibility in managing the user's login status.
- FIG. 5 provides a scene graph of a user's login session management according to an exemplary embodiment of the present disclosure.
- the exemplary embodiment of FIG. 5 comprises steps 501-512.
- in step 501, a user logs in with a UID via a login medium.
- the user can be directed to corresponding transactions.
- the embodiments of the present disclosure do not describe these corresponding transactions in detail.
- in step 502, an SID is created for the user's login.
- in step 503, the session cache list is queried using the user's UID.
- in step 504, a determination is made whether there is any existing login session queue corresponding to the UID in the session cache list. If it is determined, in step 504, that a login session queue corresponding to the UID exists in the session cache list, execution proceeds to step 505. If it is determined, in step 504, that a login session queue corresponding to the UID does not exist in the session cache list, execution proceeds to step 508.
- in step 505, the login session queue corresponding to the UID is obtained from the cache list.
- in step 506, a determination is made whether the size of the login session queue exceeds a predetermined threshold. If the size of the login session queue exceeds a predetermined threshold, execution proceeds to step 507. Otherwise, execution proceeds to step 508.
- in step 507, each invalid login session in the login session queue is identified.
- in step 510, each invalid login session identified in step 507 is deleted from the login session queue and stored in the first database. Processing ends.
- in step 508, a new login session corresponding to the UID is created and stored in the cache list.
- in step 509, a determination is made whether the storage duration of any SID in the login session queue exceeds the predetermined storage cycle.
- Each SID with an associated storage duration exceeding the storage cycle period is stored in the first database and each SID with an associated storage duration not exceeding the storage cycle is stored in the second database. Processing ends.
- each currently-active login session is retrieved from the second database when the user is detected as performing a password change operation.
- the currently-active login sessions retrieved from the second database are managed. Any login sessions that are not permitted by the user's login permission settings are deleted.
- the user can obtain all login status for a given UID on all login media (e.g., a PC, a mobile phone) through the login session queue, including the active and invalid logins.
- Embodiments of the present disclosure also enable the login via the current login medium to remain valid while forcing the logins via other login media offline when the user is detected to be performing a password change.
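The per-UID login session queue described above (threshold, storage cycle, and permission-based revocation on password change) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the in-memory dictionary standing in for the session cache list, the allowed-IP set standing in for the login permission settings, and storing the new SID after evicting the oldest one are all assumptions, and the IP addresses are constructed documentation-range values.

```python
import secrets
from collections import deque
from dataclasses import dataclass

DAY = 86400


@dataclass(frozen=True)
class LoginSession:
    sid: str        # session ID created at login
    medium: str     # login medium, e.g. "pc" or "mobile"
    ip: str         # IP address recorded at login
    created: float  # login time; page refreshes never update it


class SessionCache:
    """Session cache list holding one login session queue per UID."""

    def __init__(self, threshold=50, storage_cycle=30 * DAY):
        self.queues = {}      # UID -> deque of LoginSession, oldest first
        self.first_db = []    # archive of invalid (deleted) sessions
        self.threshold = threshold
        self.storage_cycle = storage_cycle

    def _retire(self, uid, session, reason):
        # Delete from the queue and archive, as the "first database" does.
        self.queues[uid].remove(session)
        self.first_db.append((uid, session, reason))

    def expire(self, uid, now):
        # Storage-cycle rule: duration is measured from login time.
        for s in list(self.queues.get(uid, ())):
            if now - s.created > self.storage_cycle:
                self._retire(uid, s, "storage cycle exceeded")

    def login(self, uid, medium, ip, now):
        # Query the cache by UID; create the queue if it is absent.
        queue = self.queues.setdefault(uid, deque())
        self.expire(uid, now)
        # Threshold rule: the oldest logins are treated as invalid.
        while len(queue) >= self.threshold:
            self._retire(uid, queue[0], "queue over threshold")
        session = LoginSession(secrets.token_urlsafe(32), medium, ip, now)
        queue.append(session)
        return session.sid

    def is_active(self, uid, sid, now):
        # Run on every request: a refresh cannot revive a deleted SID.
        self.expire(uid, now)
        return any(s.sid == sid for s in self.queues.get(uid, ()))

    def change_password(self, uid, current_sid, allowed_ips, now):
        # Keep the session doing the change and any permitted session;
        # delete every other active session and report what was revoked.
        self.expire(uid, now)
        revoked = []
        for s in list(self.queues.get(uid, ())):
            if s.sid != current_sid and s.ip not in allowed_ips:
                self._retire(uid, s, "not permitted by login settings")
                revoked.append(s.sid)
        return revoked


def demo():
    """Constructed scenario: a forgotten login on a public computer."""
    cache = SessionCache(threshold=3)
    uid, t0 = "hanmei2015", 1_700_000_000.0
    public_sid = cache.login(uid, "pc", "203.0.113.10", t0)
    # Someone keeps refreshing the page on the public computer.
    before = cache.is_active(uid, public_sid, t0 + 3600)
    home_sid = cache.login(uid, "pc", "198.51.100.7", t0 + 7200)
    cache.change_password(uid, home_sid, {"198.51.100.7"}, t0 + 7300)
    return {
        "public_before": before,
        "public_after": cache.is_active(uid, public_sid, t0 + 7400),
        "home_after": cache.is_active(uid, home_sid, t0 + 7400),
        "archived": len(cache.first_db),
    }


if __name__ == "__main__":
    print(demo())
```

Because `is_active` consults the queue on every request and measures age from the recorded login time, refreshing a page neither extends a session nor survives its deletion.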
- the present disclosure also discloses a schematic view of the structure of a server in accordance with an exemplary embodiment of the disclosure, shown in FIG. 6.
- the server comprises a processor, an internal bus, a network interface, a memory and a nonvolatile memory.
- the server may include other hardware.
- the processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the program, and thus logically forms a device for managing user login sessions.
- FIG 7 provides an illustration of a schematic view of the structure of a device for managing user login sessions in accordance with one exemplary embodiment of the disclosure.
- the device for managing the login sessions can comprise a query module 71, a managing module 72 and a first storage module 73.
- the query module 71 queries, using the UID and after the user has successfully logged in with the UID via a login medium, whether there is any existing login session queue
- the managing module 72 manages the user login status through the login session queue if the query module 71 detects that there is an existing login session queue.
- the first storage module 73 stores the SID corresponding to the new login in the session cache list in the form of a login session queue if the query module 71 detects that there is no existing login session queue.
- FIG. 8 provides an example of a schematic view of the structure of a device for managing user login sessions according to another exemplary embodiment of the present disclosure.
- the device shown in FIG. 7 can further comprise a creation module 74, which is used to create an SID for this login for the user, and an establishment module 75, which is used to establish the mapping relationship between the UID and the SID created by the creation module 74.
- the mapping relationship established by the establishment module 75 is used by the query module 71 to query, according to the UID, the login session queue in the session cache list.
- the managing module 72 can comprise a first determination unit 721, a second determination unit 722 and a storage unit 723.
- the first determination unit 721 determines whether the size of the login session queue detected by the query module 71 exceeds the predetermined threshold.
- the second determination unit 722 identifies any invalid login sessions in the login session queue and deletes any invalid login session(s) from the login session queue, if the first determination unit 721 determines that the login session queue's size exceeds the predetermined threshold.
- the storage unit 723 stores the SID corresponding to the new login in the login session queue, if the first determination unit 721 determines that the size of the login session queue does not exceed the predetermined threshold.
- the device can further comprise a second storage module 76 to store the invalid login session identified by the second determination unit 722 in the first database.
- FIG. 9 provides an example of a schematic view of a structure of a device for managing user login sessions in accordance with yet another exemplary embodiment of the present disclosure.
- the managing module 72 shown in FIG. 7 can comprise a third determination unit 724, a fourth determination unit 725 and a deletion unit 726.
- the third determination unit 724 determines whether the storage duration of each login SID in the login session queue detected by the first query module exceeds the predetermined storage cycle.
- the fourth determination unit 725 identifies each SID (determined by the third determination unit 724) having a storage duration exceeding the predetermined storage cycle in the login session queue as an invalid login session in the login session queue.
- the deletion unit 726 deletes each invalid login session identified by the fourth determination unit 725 from the login session queue.
- the device can further comprise a third storage module 77 to store, in the first database, each invalid login session deleted by the deletion unit 726.
- the device can further comprise a first determination module 78 to determine each SID (detected by the query module 71) having a storage duration not exceeding the predetermined storage cycle in the login session queue as an active SID, and a fourth storage module 79 to store each active SID determined by the first determination module 78 in the second database.
- FIG. 10 provides an example of a schematic view of the structure of a device for managing user login sessions in accordance with yet another exemplary embodiment of the present disclosure.
- the managing module 72 shown in FIG. 7 can comprise a fifth determination unit 726 to determine the user's login permission settings after detecting that the user is performing a password change via the current login medium, and a managing unit 727 to manage the currently-active login sessions in the login session queue according to the login permission settings determined by the fifth determination unit 726.
- the managing module 727 can comprise a determination subunit 7271 to determine the currently-active login sessions in the login session queue, and a managing subunit 7272, to keep the permitted SID in the login session queue and delete the unpermitted SID in accordance with the login permission settings determined by determination subunit 7271.
- the embodiments of the present disclosure can realize security management of the login sessions based on the Browser/Server mode with various major websites, enabling a legitimate user to effectively manage, using a login session queue corresponding with a UID, the status of login sessions created using the UID, and preventing the login sessions created by logging in with the same UID from being beyond the legitimate user's control, thus avoiding login security issues. Additionally, the storage space of the session cache list occupied by the invalid login session(s) can be reduced by promptly deleting the invalid login session(s).
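The queue handling described above (per-UID login session queue, threshold check, storage-cycle expiry, archiving invalid sessions, and forced logout on password change) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the default threshold and storage cycle, the oldest-first eviction when a full queue holds no expired session, and modelling the login permission settings as a set of permitted media are all assumptions.

```python
import secrets
import time
from collections import deque


class LoginSessionManager:
    def __init__(self, threshold=3, storage_cycle=3600, clock=time.time):
        self.threshold = threshold          # max queue size per UID (assumed value)
        self.storage_cycle = storage_cycle  # seconds an SID stays valid (assumed value)
        self.clock = clock
        self.session_cache = {}             # UID -> deque of {"sid", "medium", "created"}
        self.first_db = []                  # archive of invalid sessions ("first database")

    def _drop(self, uid, sessions, reason):
        """Delete sessions from the UID's queue and archive them with a reason."""
        queue = self.session_cache[uid]
        for s in list(sessions):
            queue.remove(s)
            self.first_db.append({**s, "uid": uid, "reason": reason})

    def _purge_expired(self, uid):
        """Treat every SID stored longer than the storage cycle as invalid."""
        now = self.clock()
        queue = self.session_cache.get(uid, ())
        expired = [s for s in queue if now - s["created"] > self.storage_cycle]
        if expired:
            self._drop(uid, expired, "expired")

    def login(self, uid, medium):
        """Register a new session; call only after the credentials were verified."""
        queue = self.session_cache.setdefault(uid, deque())
        if len(queue) >= self.threshold:          # queue is at the threshold
            self._purge_expired(uid)
            while len(queue) >= self.threshold:   # assumption: evict oldest if still full
                self._drop(uid, [queue[0]], "evicted")
        sid = secrets.token_urlsafe(32)           # unguessable session identifier
        queue.append({"sid": sid, "medium": medium, "created": self.clock()})
        return sid

    def active_sids(self, uid):
        """Return the SIDs that are still valid for this UID, oldest first."""
        self._purge_expired(uid)
        return [s["sid"] for s in self.session_cache.get(uid, ())]

    def on_password_change(self, uid, current_sid, permitted_media=()):
        """Keep the session that changed the password plus permitted media."""
        self._purge_expired(uid)
        queue = self.session_cache.get(uid, ())
        revoked = [s for s in queue
                   if s["sid"] != current_sid and s["medium"] not in permitted_media]
        if revoked:
            self._drop(uid, revoked, "password_change")
        return [s["sid"] for s in revoked]
```

Request handling must call `active_sids` (or an equivalent lookup) on every request, so that a revoked SID stops working immediately rather than at its next expiry.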
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP16790059.6A EP3292465A4 (en) | 2015-05-07 | 2016-05-05 | Mehtod, device and server for managing user login sessions |
JP2017553355A JP6563515B2 (en) | 2015-05-07 | 2016-05-05 | Method, device and server for managing user login sessions |
SG11201708868XA SG11201708868XA (en) | 2015-05-07 | 2016-05-05 | Mehtod, device and server for managing user login sessions |
KR1020177031892A KR102027668B1 (en) | 2015-05-07 | 2016-05-05 | How to manage user login sessions, devices, and servers |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510229467.8 | 2015-05-07 | ||
CN201510229467.8A CN106209744B (en) | 2015-05-07 | 2015-05-07 | Subscriber sign-in conversation management-control method, device and server |
US15/146,074 US10182058B2 (en) | 2015-05-07 | 2016-05-04 | Method, device and server for managing user login sessions |
US15/146,074 | 2016-05-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016179348A1 (en) | 2016-11-10 |
Family
ID=57218373
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2016/030889 WO2016179348A1 (en) | 2015-05-07 | 2016-05-05 | Mehtod, device and server for managing user login sessions |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2016179348A1 (en) |
- 2016-05-05 WO PCT/US2016/030889 patent/WO2016179348A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070266257A1 (en) * | 2004-07-15 | 2007-11-15 | Allan Camaisa | System and method for blocking unauthorized network log in using stolen password |
US20070183365A1 (en) * | 2006-02-07 | 2007-08-09 | Yoshihiro Ohba | Media-Independent Handover: Session Identifier |
US20120174223A1 (en) * | 2006-03-31 | 2012-07-05 | Ori Eisen | Systems and methods for detection of session tampering and fraud prevention |
US20120323717A1 (en) * | 2011-06-16 | 2012-12-20 | OneID, Inc. | Method and system for determining authentication levels in transactions |
US8819803B1 (en) * | 2012-06-29 | 2014-08-26 | Emc Corporation | Validating association of client devices with authenticated clients |
Non-Patent Citations (1)
Title |
---|
See also references of EP3292465A4 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11075922B2 (en) | 2018-01-16 | 2021-07-27 | Oracle International Corporation | Decentralized method of tracking user login status |
CN111224932A (en) * | 2019-10-15 | 2020-06-02 | 平安科技(深圳)有限公司 | User management method and device of server out-of-band management system |
CN111224932B (en) * | 2019-10-15 | 2022-01-04 | 平安科技(深圳)有限公司 | User management method and device of server out-of-band management system |
CN111865904A (en) * | 2020-06-04 | 2020-10-30 | 河南中医药大学 | Safe user online state control method and device |
CN111865904B (en) * | 2020-06-04 | 2022-08-23 | 河南中医药大学 | Safe user online state control method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16790059; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2017553355; Country of ref document: JP; Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 11201708868X; Country of ref document: SG |
| ENP | Entry into the national phase | Ref document number: 20177031892; Country of ref document: KR; Kind code of ref document: A |
| NENP | Non-entry into the national phase | Ref country code: DE |