The purpose of SSO is to implement single-point landing, all authorized member sites can be accessed without login, so the member site determines whether the user is login. The member site first reads the cookie, get the current TicketID, then get the user login information corresponding to this ID, and its status from Passport Server, and determines whether users are allowed to access. Reading cookies can have several situations: (1) After reading cookies, if you find that there is no cookie existent, you cannot read the TicketID and determine whether the user logins, then you need to get the Ticketid from Passport Server, this Also use cookie to pass. (2) After getting Ticketid from cookie, the passport verification found that the ID has failed or does not exist, should you give the user to quit? To consider this situation, the user does not turn off the browser, and there is no normal exit from the previous user. Use another account from the Passport Server. At this time, the cooki of the member site is still recorded. The original ID. At this point, use this ID verification discovery has been invalid, then you need to get a new ID, so it should be treated as the first middle situation when discovered or does not exist with the Cache of Passport Server. (3) When Cookie is not available from Passport Server, then the user is not logged in, then go to the landing page. (4) After getting the correct TicketID, the corresponding user login status and information are obtained by the interface provided by Passport Server. The member site then makes itself a series of processing.
