How to manage multiple accounts login and logout in different browser pages?


Problem description

I have a website built on App Engine (Java) and need users to use a Google Account to log in.

The situation is:

  1. User Adam has multiple accounts.
  2. User Adam logs in with account Adam1 and gets his Adam1 data in browser page A.
  3. He clicked the logout link, but opened it in another tab, page B (the same browser, of course).
  4. He logs in with another account, Adam2, in browser page B and gets his Adam2 data shown.
  5. He then returned to browser page A, made some changes to his data and sent them to the server. At this time my app would recognize the current user as Adam2, and the changes would be taken on Adam2. This does not match the status of its current page A, and our user may be confused.

I thought maybe I can attach a userID parameter while making a change request to the server, and the server side will compare the current user ID with this userID parameter to either process the change request or return a refresh command, so that the out-of-date page is refreshed to the current account's if the IDs are not the same.

What is the best practice to handle this situation?

Recommended answer

Presumably the user would be identified by a Session ID that is sent as cookie information. Adam on site A will have a different Session ID than Adam on site B because of the differing login. Also presumably the form page will be protected such that a user needs to be logged in in order to access it.

When Adam logs out on page B, the old session is destroyed on the server and the login becomes invalid. When Adam submits the form from page A, the browser doesn't know this has happened and will submit the form together with the old Session ID. The server will (should) reject this submit since the session has already expired.

Hence, in a properly coded Session/User management system, this becomes a non-issue. The critical point is to renew/invalidate the Session ID upon logout.
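
The five steps from the question replayed against a minimal in-memory session store, as an added example that is not part of the original question or answer. It combines the answer's session invalidation on logout with the question's idea of a page-embedded identity check, here as an HMAC token bound to the session and user. The function names, return strings and the single `cookie` variable standing in for the browser's shared cookie jar are assumptions; this is framework-independent Python, not App Engine code.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process signing key
sessions = {}                         # server-side store: session id -> user id

def _page_token(sid, user_id):
    """HMAC that ties a rendered page to one session and one user."""
    msg = f"{sid}:{user_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def login(user_id):
    """Issue a fresh session id on every login (never reuse an old one)."""
    sid = secrets.token_urlsafe(16)
    sessions[sid] = user_id
    return sid

def logout(sid):
    """Destroy the session server-side so the old id is rejected from then on."""
    sessions.pop(sid, None)

def render_form(sid):
    """Return the hidden-field token embedded in a page rendered for this session."""
    return _page_token(sid, sessions[sid])

def submit_change(cookie_sid, page_token):
    """Decide what to do with a change request: 'ok', 'login-required' or 'refresh'."""
    user_id = sessions.get(cookie_sid)
    if user_id is None:
        return "login-required"       # session id was destroyed or never existed
    if not hmac.compare_digest(_page_token(cookie_sid, user_id), page_token):
        return "refresh"              # page was rendered under a different login
    return "ok"

def scenario():
    """Replay the question's steps; both tabs share one cookie value."""
    cookie = login("Adam1")                    # step 2: page A rendered as Adam1
    page_a_token = render_form(cookie)
    old_sid = cookie
    logout(cookie)                             # step 3: logout opened in tab B
    cookie = login("Adam2")                    # step 4: tab B replaces the cookie
    page_b_token = render_form(cookie)
    return (
        submit_change(old_sid, page_a_token),  # request carrying the old session id
        submit_change(cookie, page_a_token),   # step 5: page A with the current cookie
        submit_change(cookie, page_b_token),   # page B with the current cookie
    )

if __name__ == "__main__":
    print(scenario())
```

A request that still carries the destroyed session id is rejected outright, while page A submitting with the current cookie is answered with a refresh instead of being applied to Adam2.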
