Modification requirement: after an account has logged in, other users can log in to the same account again, and the current session will be forced offline, just like the abnormal-login handling in QQ. Can anyone give me a specific implementation idea?
Generate a token, store it in the database, and write it into the session. On each operation, compare the session token with the one in the database. If they are different, log out.
"If other users log in to this account again! The current account will be forced offline"
This depends on whether you want it to happen in real time or after refreshing (sending an HTTP request again).
The former requires a long connection like a socket, or a heartbeat packet.
@xfspace also made it clearer about the next or latter operation.
Every time you log in, a random token is generated for cookie verification.
The tokens generated by different logins are also different. Naturally, the previously generated cookies will be invalid.
However, it should be noted that if the user directly copies the cookie and injects it into the browser of another computer on the local area network, it is hard for the server side to identify.
It’s not that troublesome.
1. Create a new token table.
Fields: token (token, usually 8 random strings are enough), uid (user ID of this site), expiresIn (expiration time)
When a user successfully logs in, a record is inserted, and all the previous token data of the user are expired or deleted. This ensures that only one valid token is active at the same time, preventing repeated logins.
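The token-table approach from the answers above, as an added example that is not part of any post in the thread. It assumes SQLite, hypothetical function names (`init_db`, `login`, `check_request`, `logout`), a one-hour lifetime, and a 32-byte token from `secrets` in place of the 8-character string mentioned above.

```python
import secrets
import sqlite3
import time

SESSION_TTL = 3600  # seconds; assumed lifetime, not specified in the thread


def init_db(conn):
    # Token table with the fields named in the thread: token, uid, expiresIn.
    conn.execute(
        "CREATE TABLE IF NOT EXISTS token ("
        "token TEXT PRIMARY KEY, uid INTEGER NOT NULL, expiresIn INTEGER NOT NULL)"
    )


def login(conn, uid, now=None):
    """Call after credentials are verified; returns the token to put in the session/cookie."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # CSPRNG output, unguessable (assumed length)
    with conn:  # one transaction: revoke the old tokens and issue the new one together
        conn.execute("DELETE FROM token WHERE uid = ?", (uid,))
        conn.execute(
            "INSERT INTO token (token, uid, expiresIn) VALUES (?, ?, ?)",
            (token, uid, now + SESSION_TTL),
        )
    return token


def check_request(conn, presented_token, now=None):
    """Run on every request; returns the uid, or None when the session must be ended."""
    now = int(time.time()) if now is None else now
    if not presented_token:
        return None
    row = conn.execute(
        "SELECT uid FROM token WHERE token = ? AND expiresIn > ?",
        (presented_token, now),
    ).fetchone()
    return row[0] if row else None  # None: superseded by a newer login, expired, or unknown


def logout(conn, presented_token):
    # Explicit logout revokes only the token that was presented.
    with conn:
        conn.execute("DELETE FROM token WHERE token = ?", (presented_token,))
```

The older session is ended on its next request, not at the moment of the second login, and a cookie copied to another browser still passes `check_request`.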