Laravel 5.1: How to limit account access so one account can be accessed at one time

Problem description

I am relatively new to Laravel, but I would like to restrict account access so that only one account can be logged into at one time. For example, if I were to log into my account on my work computer and then I logged in at my home computer simultaneously, it would not log me in and prompt me to logout of the first computer.

What is the best and correct way of doing this?

Many thanks.

Recommended answer

This is more a 'logic' question than one about Laravel. In short I would build something like this;

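  1. Add a field with a timestamp to the users table, e.g. 'active_at', and an 'active_device' with a unique value created based on this login (probably based on IP + device info);
  2. Once the user logs in, I would update this field;
  3. Then, in the background, JavaScript would call a script on the server every minute (or at a shorter interval, depending on your wishes) to verify the currently logged-in user and update the 'active_at' timestamp field;
  4. Then, when I log in somewhere, I would check whether 'active_at' is outdated and the 'active_device' hash does not match, and I would prompt the user to log out the other device, which would empty these fields.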

By setting things up in a way only the login-procedure is allowed to take over a device (and not the JavaScript activity ping) you won't end up battling between two devices :)

If you want to prompt with more information about the other device (as for now we only have a hashed device info string) you could either add another field with a human readable name for the device or use some sort of encrypted string so you could decrypt it when needed.

A final touch would be to let the server code handling step 3 destroy the current authentication session if the active_device hash is no longer matching. The coolest thing would be to redirect the user to a login page only asking for a password to revalidate the current device (and triggering a login procedure overwriting the active_device info).
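
The four steps and the final touch from the answer above, written out as plain PHP; this is an added example, not code from the original answer. It assumes step 4 refuses a login only while the other device's 'active_at' is still within a timeout, and the names deviceHash, login, ping, SECRET and TIMEOUT are hypothetical.

```php
<?php
// Added example (plain PHP, no framework). The $user array stands in for the
// users-table row; SECRET, TIMEOUT and every function name are assumptions.
const SECRET  = 'constructed-placeholder-key'; // server-side key for the device hash
const TIMEOUT = 120; // seconds without a ping before the other device counts as gone

// Step 1: unique active_device value derived from IP + device info.
function deviceHash(string $ip, string $userAgent): string
{
    return hash_hmac('sha256', $ip . '|' . $userAgent, SECRET);
}

// Steps 2 and 4: only the login procedure may claim or take over the slot.
function login(array &$user, string $device, int $now, bool $takeOver = false): string
{
    $live = $user['active_device'] !== null && $now - $user['active_at'] <= TIMEOUT;
    if ($live && !hash_equals($user['active_device'], $device) && !$takeOver) {
        return 'prompt_logout_other_device';
    }
    $user['active_device'] = $device;
    $user['active_at'] = $now;
    return 'logged_in';
}

// Step 3 and the final touch: the ping refreshes active_at for the owning
// device only; a mismatch tells the caller to destroy this session.
function ping(array &$user, string $device, int $now): string
{
    if ($user['active_device'] === null || !hash_equals($user['active_device'], $device)) {
        return 'destroy_session';
    }
    $user['active_at'] = $now;
    return 'ok';
}

// Constructed walk-through with documentation-range IPs and made-up user agents.
$user = ['active_device' => null, 'active_at' => 0];
$work = deviceHash('198.51.100.7', 'Firefox/Linux');
$home = deviceHash('203.0.113.9', 'Safari/macOS');

echo login($user, $work, 1000), PHP_EOL;       // work PC claims the empty slot
echo login($user, $home, 1030), PHP_EOL;       // home PC tries while work is live
echo ping($user, $work, 1060), PHP_EOL;        // work PC keeps its slot fresh
echo login($user, $home, 1070, true), PHP_EOL; // user confirms the takeover
echo ping($user, $work, 1120), PHP_EOL;        // work PC's next ping no longer matches
echo login($user, $work, 1400), PHP_EOL;       // home PC went silent past TIMEOUT
```

In a Laravel application the device value would be kept in the session and the two columns on the users table, and the `$takeOver` path should only run after the password has been checked again.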
