The invention discloses a method and a device for session message interaction between a resource server and a client side. According to the method and the device for the session message interaction between the resource server and the client side, the resource server transmits a session message to the client side according to a first secret key of the resource server, obtained through calculation, after the resource server successfully validates a first digital signature and a second digital signature, and similarly the client side transmits a session message to the resource server according to second secret key of the client side, obtained through calculation, after the client side successfully validates a third digital signature and a forth digital signature. When an authentication manager pretends to be the resource server and interacts with the client side, the authentication manager needs to obtain a private key of an authorization server, and furthermore when the authorization server pretends to be the resource server and interacts with the client side, the authorization server needs to obtain a private key of the authentication manager, but the authentication manager and the authorization server can not obtain the private keys from each other, and accordingly the secret keys obtained through consultation are high in safety, and then the session messages transmitted based on the secret keys obtained through the consultation are high in security.