1. Implement SMS login based on session

1.1 SMS login flow chart

1.2 Implementation of sending SMS verification code

Front-end request instructions:

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Override
    public Result sendCode(String phone, HttpSession session) {
        // 1. 校驗手機號
        if(RegexUtils.isPhoneInvalid(phone)){
            // 2. 如果不符合，返回錯誤信息
            return Result.fail("手機號格式錯誤！");
        }
        // 3. 符合，生成驗證碼（設(shè)置生成6位）
        String code = RandomUtil.randomNumbers(6);
        // 4. 保存驗證碼到 session
        session.setAttribute("code", code);
        // 5. 發(fā)送驗證碼（這里并未實現(xiàn)，通過日志記錄）
        log.debug("發(fā)送短信驗證碼成功，驗證碼：{}", code);
        // 返回 ok
        return Result.ok();
    }
}

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Override
    public Result login(LoginFormDTO loginForm, HttpSession session) {
        // 1. 校驗手機號
        String phone = loginForm.getPhone();
        if(RegexUtils.isPhoneInvalid(phone)){
            // 不一致，返回錯誤信息
            return Result.fail("手機號格式錯誤！");
        }
        // 2. 校驗驗證碼
        String cacheCode = (String) session.getAttribute("code");
        String code = loginForm.getCode();
        if(cacheCode == null || !cacheCode.equals(cacheCode)){
            // 不一致，返回錯誤信息
            return Result.fail("驗證碼錯誤！");
        }
        // 4. 一致，根據(jù)手機號查詢用戶（這里使用的 mybatis-plus）
        User user = query().eq("phone", phone).one();
        // 5. 判斷用戶是否存在
        if(user == null){
            // 6. 不存在，創(chuàng)建新用戶并保存
            user = createUserWithPhone(phone);
        }
        	// 7. 保存用戶信息到 session 中（通過 BeanUtil.copyProperties 方法將 user 中的信息過濾到 UserDTO 上，即用來隱藏部分信息）
        session.setAttribute("user", BeanUtil.copyProperties(user, UserDTO.class));
        return Result.ok();
    }

    private User createUserWithPhone(String phone) {
        // 1. 創(chuàng)建用戶
        User user = new User();
        user.setPhone(phone);
        user.setNickName("user_" + RandomUtil.randomString(10));
        // 2. 保存用戶（這里使用 mybatis-plus）
        save(user);
        return user;
    }
}

public class LoginInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 1. 獲取 session
        HttpSession session = request.getSession();
        // 2. 獲取 session 中的用戶
        UserDTO user = (UserDTO) session.getAttribute("user");
        // 3. 判斷用戶是否存在
        if(user == null){
            // 4. 不存在，攔截，返回 401 未授權(quán)
            response.setStatus(401);
            return false;
        }
        // 5. 存在，保存用戶信息到 ThreadLocal
        UserHolder.saveUser(user);
        // 6. 放行
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        // 移除用戶，避免內(nèi)存泄露
        UserHolder.removeUser();
    }
}

public class UserHolder {
    private static final ThreadLocal<UserDTO> tl = new ThreadLocal<>();

    public static void saveUser(UserDTO user){
        tl.set(user);
    }

    public static UserDTO getUser(){
        return tl.get();
    }

    public static void removeUser(){
        tl.remove();
    }
}

@Configuration
public class MvcConfig implements WebMvcConfigurer {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new LoginInterceptor())
                .excludePathPatterns(
                        "/user/login",
                        "/user/code"
                );
    }
}

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Override
    public Result me() {
        UserDTO user = UserHolder.getUser();
        return Result.ok(user);
    }
}

• Data sharing (different tomcats can access data in Redis)

• Memory storage (Redis stores through memory)

• key, value structure (Redis is a key-value structure)

3.1 Redis implements shared session login flow chart

##3.2 Implement sending SMS verification code

Front-end request instructions:

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Resource
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public Result sendCode(String phone, HttpSession session) {
        // 1. 校驗手機號
        if (RegexUtils.isPhoneInvalid(phone)) {
            // 2. 如果不符合，返回錯誤信息
            return Result.fail("手機號格式錯誤！");
        }
        // 3. 符合，生成驗證碼（設(shè)置生成6位）
        String code = RandomUtil.randomNumbers(6);
        // 4. 保存驗證碼到 Redis（以手機號為 key，設(shè)置有效期為 2min）
        stringRedisTemplate.opsForValue().set("login:code:" + phone, code, 2, TimeUnit.MINUTES);
        // 5. 發(fā)送驗證碼（這里并未實現(xiàn)，通過日志記錄）
        log.debug("發(fā)送短信驗證碼成功，驗證碼：{}", code);
        // 返回 ok
        return Result.ok();
    }
}

3.3 Implement SMS verification code login and registration

Front-end request instructions:

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Override
    public Result login(LoginFormDTO loginForm, HttpSession session) {
        // 1. 校驗手機號
        String phone = loginForm.getPhone();
        if(RegexUtils.isPhoneInvalid(phone)){
            // 不一致，返回錯誤信息
            return Result.fail("手機號格式錯誤！");
        }
        // 2. 校驗驗證碼
        String cacheCode = (String) session.getAttribute("code");
        String code = loginForm.getCode();
        if(cacheCode == null || !cacheCode.equals(cacheCode)){
            // 不一致，返回錯誤信息
            return Result.fail("驗證碼錯誤！");
        }
        // 4. 一致，根據(jù)手機號查詢用戶（這里使用的 mybatis-plus）
        User user = query().eq("phone", phone).one();
        // 5. 判斷用戶是否存在
        if(user == null){
            // 6. 不存在，創(chuàng)建新用戶并保存
            user = createUserWithPhone(phone);
        }
        	// 7. 保存用戶信息到 session 中（通過 BeanUtil.copyProperties 方法將 user 中的信息過濾到 UserDTO 上，即用來隱藏部分信息）
        session.setAttribute("user", BeanUtil.copyProperties(user, UserDTO.class));
        return Result.ok();
    }

    private User createUserWithPhone(String phone) {
        // 1. 創(chuàng)建用戶
        User user = new User();
        user.setPhone(phone);
        user.setNickName("user_" + RandomUtil.randomString(10));
        // 2. 保存用戶（這里使用 mybatis-plus）
        save(user);
        return user;
    }
}

public class RefreshTokenInterceptor implements HandlerInterceptor {

    private StringRedisTemplate stringRedisTemplate;

    public RefreshTokenInterceptor(StringRedisTemplate stringRedisTemplate){
        this.stringRedisTemplate = stringRedisTemplate;
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 1. 獲取請求頭中的 token
        String token = request.getHeader("authorization");
        if (StrUtil.isBlank(token)) {
            return true;
        }
        // 2. 基于 token 獲取 redis 中的用戶
        String tokenKey = "login:token:" + token;
        Map<Object, Object> userMap = stringRedisTemplate.opsForHash().entries(tokenKey);
        // 3. 判斷用戶是否存在
        if (userMap.isEmpty()) {
            return true;
        }
        // 5. 將查詢到的 Hash 數(shù)據(jù)轉(zhuǎn)為 UserDTO 對象
        UserDTO user = BeanUtil.fillBeanWithMap(userMap, new UserDTO(), false);
        // 6. 存在，保存用戶信息到 ThreadLocal
        UserHolder.saveUser(user);
        // 7. 刷新 token 有效期 30 min
        stringRedisTemplate.expire(tokenKey, 30, TimeUnit.MINUTES);
        // 8. 放行
        return true;
    }
}

public class LoginInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 1. 獲取 session
        HttpSession session = request.getSession();
        // 2. 獲取 session 中的用戶
        UserDTO user = (UserDTO) session.getAttribute("user");
        // 3. 判斷用戶是否存在
        if(user == null){
            // 4. 不存在，攔截，返回 401 未授權(quán)
            response.setStatus(401);
            return false;
        }
        // 5. 存在，保存用戶信息到 ThreadLocal
        UserHolder.saveUser(user);
        // 6. 放行
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        // 移除用戶，避免內(nèi)存泄露
        UserHolder.removeUser();
    }
}

public class UserHolder {
    private static final ThreadLocal<UserDTO> tl = new ThreadLocal<>();

    public static void saveUser(UserDTO user){
        tl.set(user);
    }

    public static UserDTO getUser(){
        return tl.get();
    }

    public static void removeUser(){
        tl.remove();
    }
}

@Configuration
public class MvcConfig implements WebMvcConfigurer {

    @Resource
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new RefreshTokenInterceptor(stringRedisTemplate))
                .addPathPatterns("/**").order(0);
        registry.addInterceptor(new LoginInterceptor())
                .excludePathPatterns(
                        "/user/login",
                        "/user/code"
                ).order(1);
    }
}

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Override
    public Result me() {
        UserDTO user = UserHolder.getUser();
        return Result.ok(user);
    }
}

The above is the detailed content of How to implement SMS login in Redis shared session application. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undress AI Tool

Undress images for free

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

Grass Wonder Build Guide | Uma Musume Pretty Derby

4 weeks ago By Jack chen

Roblox: 99 Nights In The Forest - All Badges And How To Unlock Them

4 weeks ago By DDD

Uma Musume Pretty Derby Banner Schedule (July 2025)

1 months ago By Jack chen

RimWorld Odyssey Temperature Guide for Ships and Gravtech

3 weeks ago By Jack chen

Windows Security is blank or not showing options

4 weeks ago By 下次還敢

Show More

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Laravel Tutorial

1597

29

PHP Tutorial

1488

72

Show More

Related knowledge

Redis: A Comparison to Traditional Database Servers May 07, 2025 am 12:09 AM

Redis is superior to traditional databases in high concurrency and low latency scenarios, but is not suitable for complex queries and transaction processing. 1.Redis uses memory storage, fast read and write speed, suitable for high concurrency and low latency requirements. 2. Traditional databases are based on disk, support complex queries and transaction processing, and have strong data consistency and persistence. 3. Redis is suitable as a supplement or substitute for traditional databases, but it needs to be selected according to specific business needs.

How to limit user resources in Linux? How to configure ulimit? May 29, 2025 pm 11:09 PM

Linux system restricts user resources through the ulimit command to prevent excessive use of resources. 1.ulimit is a built-in shell command that can limit the number of file descriptors (-n), memory size (-v), thread count (-u), etc., which are divided into soft limit (current effective value) and hard limit (maximum upper limit). 2. Use the ulimit command directly for temporary modification, such as ulimit-n2048, but it is only valid for the current session. 3. For permanent effect, you need to modify /etc/security/limits.conf and PAM configuration files, and add sessionrequiredpam_limits.so. 4. The systemd service needs to set Lim in the unit file

Is Redis Primarily a Database? May 05, 2025 am 12:07 AM

Redis is primarily a database, but it is more than just a database. 1. As a database, Redis supports persistence and is suitable for high-performance needs. 2. As a cache, Redis improves application response speed. 3. As a message broker, Redis supports publish-subscribe mode, suitable for real-time communication.

Redis: Beyond SQL - The NoSQL Perspective May 08, 2025 am 12:25 AM

Redis goes beyond SQL databases because of its high performance and flexibility. 1) Redis achieves extremely fast read and write speed through memory storage. 2) It supports a variety of data structures, such as lists and collections, suitable for complex data processing. 3) Single-threaded model simplifies development, but high concurrency may become a bottleneck.

Steps and examples for building a dynamic PHP website with PhpStudy May 16, 2025 pm 07:54 PM

The steps to build a dynamic PHP website using PhpStudy include: 1. Install PhpStudy and start the service; 2. Configure the website root directory and database connection; 3. Write PHP scripts to generate dynamic content; 4. Debug and optimize website performance. Through these steps, you can build a fully functional dynamic PHP website from scratch.

Laravel Page Cache Policy May 29, 2025 pm 09:15 PM

Laravel's page caching strategy can significantly improve website performance. 1) Use cache helper functions to implement page caching, such as the Cache::remember method. 2) Select the appropriate cache backend, such as Redis. 3) Pay attention to data consistency issues, and you can use fine-grained caches or event listeners to clear the cache. 4) Further optimization is combined with routing cache, view cache and cache tags. By rationally applying these strategies, website performance can be effectively improved.

When Should I Use Redis Instead of a Traditional Database? May 13, 2025 pm 04:01 PM

UseRedisinsteadofatraditionaldatabasewhenyourapplicationrequiresspeedandreal-timedataprocessing,suchasforcaching,sessionmanagement,orreal-timeanalytics.Redisexcelsin:1)Caching,reducingloadonprimarydatabases;2)Sessionmanagement,simplifyingdatahandling

What Is Redis and How Does It Differ From Traditional SQL Databases? May 24, 2025 am 12:13 AM

RedisisuniquecomparedtotraditionalSQLdatabasesinseveralways:1)Itoperatesprimarilyinmemory,enablingfasterreadandwriteoperations.2)Itusesaflexiblekey-valuedatamodel,supportingvariousdatatypeslikestringsandsortedsets.3)Redisisbestusedasacomplementtoexis

See all articles