REQ一直绞尽脑汁试图弄清楚如何使用相同的用户名防止多次登录 [英] REQ Been racking my brain trying to figure out how to prevent multiple login with same username
问题描述
我已经在这个主题上搜索谷歌,似乎没有人真正知道如何解决这个问题。
目标我不希望客户给出他们的用户名和朋友的密码,因为网站
依赖于子承担费用。
会话ID在浏览器和服务器之间匹配。因此,用户可以使用相同的
用户名和密码登录,并且会单独跟踪这些会话。
有人建议创建包含会话ID和时间戳的表字段。但是我的客户可以在页面上花费很多时间,而且我不想强迫他们重新登录,这会很烦人。
另一方面,一些客户端没有正确注销并且会话打开活动和/或运行时间戳的脚本不会清除该字段。接下来他们登录邮票时会看到他们是活跃的,并且不允许他们登录。
我是一位经验丰富的PHP程序员但是这个任务让我进入了圈子。每当我想我有一个方法已经解决了 - 有一个原因就是为什么它不会。
我正在考虑的方法是获取并循环所有服务器会话用户名值 - 然后
将这些值与flaged登录相比较用户表中的字段。这样,如果一个标志是
否定,我将允许用户登录并创建一个会话并标记该字段。如果会话
不存在,则清除该标志。我会以10分钟的间隔运行cron。如果我找到2
会话使用相同的用户名我取消设置 - 然后向客户端发送电子邮件提醒他们
多次登录是件坏事
听起来不错吗?其他人有更好的主意吗?
I''ve searched google intensely on this topic and it seems noone really knows how to approch this.
The goal I don''t want clients to give out their usernames and passwords to friends, since the site
relies on subscrption fees.
Sessions ID''s are matched between the browser and the server. So a users can login with same
username and password and those sessions are tracked individually.
Some suggest create table fields with the session ID and a time stamp. However my clients can spend
alot of time on a page and I don''t want to force them to re-login, would be annoying.
On the other hand, some clients do not logout properly and sessions open active and/or a script that
runs the timestamp does not clear that field. Then the next they login the stamp reads that they are
active and will not allow them to login.
I''m an experienced PHP programmer yet this task has got me going in circles. Everytime I think I
have a method worked out - there is a reason why it won''t.
The approach I''m considering now is to grab and loop all the server sessions username values - then
compare those values to a flaged "logged-in" field from the user table. That way if a flag is
negative I will allow the user to login in and create a session and flag that field. If a session
does not exist then the flag is cleared. I would run the cron 10 minute intervals. If I find 2
sessions with same username I unset both - then fire off an email to the client reminding them
multiple logins are a bad thing
Does this sound right? Anyone else have a better idea?
推荐答案
Gleep写道:
Gleep wrote:
有些建议创建具有会话ID和时间戳的表字段。但是我的客户可以花很多时间在一个页面上,我不想强迫他们重新登录,这会很烦人。
Some suggest create table fields with the session ID and a time stamp. However my clients can spend
alot of time on a page and I don''t want to force them to re-login, would be annoying.
Sun Microsystems的网页使用弹出窗口,你的会话是关于
到期,延长吗?。然后你有几分钟点击
" extend"保持你的会话活着。如果你不这样,会话
最终会超时。也许这是一种方法。
Sun Microsystems'' webpage uses a popup with "your sessions is about
to expire, extend it?". Then you have a couple of minutes to click
"extend" to keep your session alive. If you don''t, the session
eventually times out. Perhaps that''s one way to go.
如果我做对了,如果用户不更新你想要的是做什么
他们的会议例如在20分钟内,会议将被终止。但是如果数据库中存在会话,那么
,你只需要用相同的用户名取消任何
其他会话,对吧?
简单地说,每5分钟运行一次cron来执行php脚本,
会检查所有内容。当用户登录并且每次他们验证
服务器时,更新mysql表说time()+ 60 * 10(10分钟)。
所以如果脚本是由cron执行发现
到期时间已经结束,会话被破坏了!
他们不需要那个到期消息,因为到期时间
将自动更新(每个请求+ 10分钟)
此外,所有这一切都有一个很大的劣势 - 用户可以拥有他们的
cookies被禁用,然后你会在你的数据库中创建大量的会话......所以你会因此而死。
当用户登录时,在登录页面设置一个cookie
If i got it right, what you want is to do that if users dont update
their session e.g. in 20 minutes, the session will be terminated. But
if the session exists in the database, you will simply disalow any
other sessions with the same username, right?
Simply, run cron for each 5 minutes to execute the php script that
would check everything. When user logins and each time they erquest the
server, update the mysql table saying time() + 60*10 ( 10 minutes ).
So if the script that is being executed by cron finds that the
expiration time has ended, the session is destroyed!
They wouldnt need that expiration mesage because the expiration time
would be automatically updates ( + 10 minutes for each request )
Also, there is a big disadvantage in all of this - users can have their
cookies disabled and then you''d get a big amount of sessions created in
your database... so you''d be dead because of that.
Just when users are logging in, in the login page set a cookie
_COOKIE [''do_login''] = true;当用户请求实际登录
页面时,所有信息都被发送 -
_COOKIE[''do_login''] = true; and when user requests the actual login
page, where all the info is sent - the
这篇关于REQ一直绞尽脑汁试图弄清楚如何使用相同的用户名防止多次登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
