
The Design And Implementation Of Cross-Domain Single Sign-On System Based On Cookie

Posted on: 2011-02-23
Degree: Master
Type: Thesis
Country: China
Candidate: D M Wen
GTID: 2178360308961204
Subject: Communication and Information System
Abstract/Summary:
The rise of the Internet and Web 2.0 has brought a wealth of Web application services, but the sites' authentication systems are independent of each other, and users' authentication information cannot be shared among the various sites. While users enjoy the convenience of rich Internet applications, they need to remember a large number of user names and passwords. This inconveniences users and poses a great security risk. Single sign-on technology not only addresses the shortcomings of traditional identity authentication technology, but also improves the efficiency of system management. However, existing single sign-on technologies such as the Kerberos protocol and the Passport protocol are not suited to rich Web applications because of defects such as complex client-side design, fee-based services, and inefficiencies caused by redirection. In view of this situation, this paper analyzes the existing single sign-on models, then takes the Kerberos protocol, which is based on C/S applications, and Microsoft's Passport protocol as references and improves on them to design and implement a cross-domain single sign-on system based on cookies, according to the characteristics of Web applications. The system uses an improved agent-based single sign-on model which stores user information in a decentralized manner, introduces secure cookie technology to store users' authentication tickets, and uses MD5 with salt encryption to ensure the security of user information. At the same time, this paper improves the traditional authentication process based on redirection, introduces Socket and Ajax technologies to reduce excessive interaction between client and server, and uses P3P technology to solve the problem of getting and setting cookies across domains.
The system does not require extending the client operating environment and does not need to support plug-ins or user agents. It provides users with a safe, easy and reliable single sign-on service in the Web environment. First, this paper describes the background of the research project, analyzes existing single sign-on technology, and classifies single sign-on models. Then it improves the existing solution, completes the detailed design of the system, and analyzes the security of the system. Finally, the project is implemented on the Java platform and deployed and applied in a system composed of a BBS and an SNS, which are typical Web applications.
Keywords/Search Tags:single sign-on, cookie, identity authentication, p3p, ajax