QR Code Login Mechanism: Web and Mobile Interaction Overview

QR code login allows users to log in to a website by scanning a QR code with their mobile device, providing a convenient and secure authentication method.

When a user opens the login page, the browser sends a request to the server for a QR code. The server generates a UUID, stores it as a key in Redis with an expiration time, combines it with a verification string, creates a QR image, and returns both the image and the UUID to the browser.

The browser displays the QR code and repeatedly polls the server (e.g., every second) with the UUID to check whether the login has succeeded.

On the mobile side, the user scans the QR code, obtaining the verification information and the same UUID. Because the mobile app is already logged in, it holds a token from which the userId can be extracted securely. The mobile app sends a verification request containing the token and UUID to its own server, which validates the request and stores the userId in Redis using the UUID as the key.

When the browser’s polling request finds the userId in Redis, it creates a session token for the web side, returns the user information to the browser, and the login is considered successful. Storing only the userId (instead of full user data) avoids inconsistencies between mobile and web user profiles.

（End）