Devise每个用户一次限制一个会话 [英] Devise limit one session per user at a time
问题描述
我的应用程序正在使用Rails 3.0.4和Devise 1.1.7。
我正在寻找一种方法来阻止用户共享帐户,因为应用程序是基于订阅的服务。我一直在寻找一个星期,而我仍然不知道如何实现一个解决方案。我希望有人实施了一个解决方案,并指出我的方向正确。
解决方案(感谢大家的答案和见解!)
应用程序controller.rb
before_filter:check_concurrent_session
def check_concurrent_session
如果is_already_logged_in?
sign_out_and_redirect(current_user)
end
end
def is_already_logged_in?
current_user&& !(session [:token] == current_user.login_token)
end
在session_controller中覆盖Devise Sessions控制器:
skip_before_filter:check_concurrent_session
def create
super
set_login_token
end
private
def set_login_token
token = Devise.friendly_token
会话[:令牌] =令牌
current_user.login_token =令牌
current_user.save
end
在迁移中AddLoginTokenToUsers
def self.up
change_tableusersdo | t |
t.stringlogin_token
end
end
def self.down
change_tableusersdo | t |
t.removelogin_token
end
end
您不能这样做。
- 您可以控制用户的IP地址,以防止一次来自两个IP的用户的存在。你可以绑定登录和IP。您可以尝试通过IP检查城市和其他地理位置数据以阻止用户。
- 您可以设置Cookie来控制其他内容。
但是这些都不会保证只有一个用户使用此登录,而来自世界各地的那些105 IP不属于仅使用Proxy或其他任何唯一身份用户。 / p>
最后一个:你不需要在互联网上。
UPD / p>
但是,我要求的是限制多个用户同时使用相同的帐户,我觉得应该可以
所以你可以存储一些令牌,它将包含一些加密数据:IP + secret string +用户代理+用户浏览器版本+用户OS +任何其他个人info: encrypt(IP +some secret string+ request.user_agent + ...)
。然后,您可以使用该令牌设置会话或cookie。并且每个请求可以抓取它:如果用户是一样的他是否使用相同的浏览器和相同的操作系统等同的浏览器版本。
您还可以使用动态令牌:您更改每个请求的令牌,因此只有一个用户可以使用系统每个会话,因为每个请求令牌将被更改,另一个用户将被注销,只要他的令牌将过期。
My app is using Rails 3.0.4 and Devise 1.1.7.
I'm looking for a way to prevent users from sharing accounts as the app is a subscription based service. I've been searching for over a week, and I still don't know how to implement a solution. I'm hoping someone has implemented a solution and can point me in the right direction.
Solution (Thank you everyone for your answers and insight!)
In application controller.rb
before_filter :check_concurrent_session
def check_concurrent_session
if is_already_logged_in?
sign_out_and_redirect(current_user)
end
end
def is_already_logged_in?
current_user && !(session[:token] == current_user.login_token)
end
In session_controller that overrides Devise Sessions controller:
skip_before_filter :check_concurrent_session
def create
super
set_login_token
end
private
def set_login_token
token = Devise.friendly_token
session[:token] = token
current_user.login_token = token
current_user.save
end
In migration AddLoginTokenToUsers
def self.up
change_table "users" do |t|
t.string "login_token"
end
end
def self.down
change_table "users" do |t|
t.remove "login_token"
end
end
You can't do it.
- You can control IP addresses of user, so you can prevent presence of user from two IP at a time. ANd you can bind login and IP. You can try to check cities and other geolocation data through IP to block user.
- You can set cookies to control something else.
But none of this will guarantee that only one user uses this login, and that those 105 IP from all over the world doesn't belong to only one unique user, which uses Proxy or whatever.
And the last: you never need this in the Internet.
UPD
However, what I'm asking is about limiting multiple users from using the same account simultaneously which I feel should be possible
So you can store some token, that will contain some encrypted data: IP + secret string + user agent + user browser version + user OS + any other personal info: encrypt(IP + "some secret string" + request.user_agent + ...)
. And then you can set a session or cookie with that token. And with each request you can fetch it: if user is the same? Is he using the same browser and the same browser version from the same OS etc.
Also you can use dynamic tokens: you change token each request, so only one user could use system per session, because each request token will be changed, another user will be logged out as far as his token will be expired.
这篇关于Devise每个用户一次限制一个会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!