An account can only be logged in on the same device at the same time

I use PHP to realize that an account can only be logged in on the same device at the same time. Note that it is not the same IP.
Before, I added a field to the MYSQL table to show whether you are logged in. If you are logged in, it is set to 1, and if you are logged out, it is set to 0.
But later I found that there is no way to set this field to 0 when the browser is forcibly closed. Got it!
I thought about it for a long time but couldn’t come up with a solution. Later I saw on the Internet that it seemed that it could be implemented using redis, so I started learning redis in the past two days. But I found that there is no idea if I continue to study like this.
So I came here to ask for advice. Can anyone with experience tell me how to achieve it? Thanks! Happy Mid-autumn Festival!

Reply content:

I use PHP to realize that an account can only be logged in on the same device at the same time. Note that it is not the same IP.
Before, I added a field to the MYSQL table to show whether you are logged in. If you are logged in, it is set to 1, and if you are logged out, it is set to 0.
But later I found that there is no way to set this field to 0 when the browser is forcibly closed. Got it!
I thought about it for a long time but couldn’t come up with a solution. Later I saw on the Internet that it seemed that it could be implemented using redis, so I started learning redis in the past two days. But I found that there is no idea if I continue to study like this.
So I came here to ask for advice. Can anyone with experience tell me how to achieve it? Thanks! Happy Mid-autumn Festival!

If it is Redis, you can use hash structure to store account login information.

hash structure: key field value

hash related commands http://redisdoc.com/hash/inde...

Detailed implementation:

In the hash structure, when using the same key field to write data, the historical data will be overwritten

Redis> hset key field Test
Redis> hget key field
"Test"
Redis> hset key field Run
Redis> hget key field
"Run"

In this way, the needs of a single account can be realized. Specify a key to store the account login information. Field is the primary key of each account. Then each login will clear the previous login information, and the previous login information will become invalid. This way The previous login status will become invalid.

If you consider the login of different devices, you can change the field to the form of devicename-uid to ensure that only one login information can exist for a device.

You need to know what you need?
Single sign-on or limit single device?
A single device is the same computer with multiple browsers?

A solution about using mysql

If efficiency is not considered, you only need to add two fields Expiration time and Unique device identifier next to the field of your original record Have you logged in in mysql? Change the previous conditions for judging whether to log in by "Is it 1" becomes "Is it 1 and not expired and the device unique identifier is consistent". The value of expiration time is updated every time the user performs an operation. If there is no operation for a period of time, the login status can "automatically" expire. This can solve your problem of "forcibly closing the browser. There is no way to set this field." is 0" problem.

Use phpredis for simple implementation

If you are new to redis, and you only need to use redis to control user login, but you don’t know much about the data structure, the string type can satisfy you (if possible, it may be better to use hash good).

The following is described using the related classes provided by the phpredis extension as a background:

Suppose a certain account with user ID is 100 logs in and records the login device information in redis

<?php
/**
 * 注册用户登录设备信息
 * 
 * 登录后向redis中写入登录的设备标识信息，如果在此之前已经登录了别的设备，之前登录的设备将被强制下线
 */
function registerUserDevice()
{
    $userId = 100; // 假设用户id为100
    $redis = new Redis();
    $redisHost = '127.0.0.1';
    $redisPort = 6379;
    $redis->connect($redisHost, $redisPort);
    $cacheName = 'deviceUUID:user'.$userId; 
    $deviceUUID = getDeviceUUID(); // 假设有 getDeviceUUID() 函数用于获取/生成设备的唯一标识符
    $timeout = 600; // 用户10十分钟无操作自动下线
    $redis->set($cacheName, $deviceUUID);
    $redis->setTimeout($cacheName, $timeout);
}

Every time the device performs other operations, it needs to update the expiration time of the device information in redis

<?php
/**
 * 延长redis中设备标识信息的生存时间
 *
 * 重新设置redis中用户设备标识信息的过期时间
 * @return bool true = 更新成功， false = 更新失败，当前设备需要重新登录
 */
function extendDeviceInfoTTL()
{
    $userId = 100; // 假设用户id为100
    $redis = new Redis();
    $redisHost = '127.0.0.1';
    $redisPort = 6379;
    $redis->connect($redisHost, $redisPort);
    $cacheName = 'deviceUUID:user'.$userId; 
    $deviceUUID = getDeviceUUID(); // 假设有 getDeviceUUID() 函数用于获取/生成设备的唯一标识符
    $timeout = 600; // 用户10十分钟无操作自动下线
    $cachedDeviceUUID = $redis->get($cacheName);
    $isTimeout = false === $cachedDeviceUUID;
    $isTheRightDevice = $deviceUUID === $cachedDeviceUUID;
    if($isTimeout || !$isTheRightDevice){
        return false;
    }
    $redis->setTimeout($cacheName, $timeout);
    return true;
}

When the user account in the device logs out, the device information in redis needs to be cleared

<?php
/**
 * 销毁用户设备信息
 * 
 * 用在执行登出操作时
 */
function delUserDevice()
{
    $userId = 100; // 假设用户id为100
    $redis = new Redis();
    $redisHost = '127.0.0.1';
    $redisPort = 6379;
    $redis->connect($redisHost, $redisPort);
    $cacheName = 'deviceUUID:user'.$userId; 
    $redis->delete($cacheName);
}

Of course, the above solution of using string type instead of hash type is not reasonable in terms of resource utilization and efficiency. If you want to have a deeper understanding and application of redis, I recommend you read the book "Redis IN ACTION". Specific to using redis in php, you can choose to use phpredis extension or predis.

A project I worked on some time ago probably had something like this. The general purpose was that only one terminal could log in to this account, that is, one account could not be logged in to multiple places at the same time.

The solution is to add a field token in the database. Each time you log in, a new token is generated based on the timestamp and others. The token is continuously detected during the entire process. If it changes, it means that the user logged in elsewhere.

Add a field to the database: temporary token; after logging in, this temporary token will be randomly generated, and the user will generate a corresponding session based on this token; when another device logs in, the temporary token is updated; the original device's The session cannot match the token of the database; it will automatically jump out!