如何限制同一用户同时登录多个地方? [英] How to restrict the same user logging in multple places same time?
问题描述
我要求避免同一用户同时从不同系统登录.
(即)在任何时间点,用户只能通过一个IP激活.
我正在使用自定义表和会话对象来管理用户身份验证过程.
我想使用会话对象和事件(例如Session_OnStart
和Session_OnEnd
)来实现此目的.
看来,会话对象是不可靠的,并且不能保证Session_OnEnd
事件被正确触发.
请在此发表您的想法.
谢谢,
Nagaraj
Hi,
I have a requirement to avoid the same user being logged in from different systems at the same time.
(i.e ) At any point of time, user can be active from only one IP.
I am using custom tables and session objects to manage the user authentication process.
I thought to implement this using, session objects and events such as Session_OnStart
and Session_OnEnd
.
It seems that, session objects are not reliable and It''s not guaranteed that Session_OnEnd
event is fired properly.
Please, post your ideas on this.
Thanks,
Nagaraj
推荐答案
当它是基于系统的用户时,则不能使用Sessions.
选项1:
维护应用程序对象.无论登录者是谁,都应添加该用户名,并在登录/浏览器关闭时将其删除.
每当用户登录时,就循环遍历Application对象中的值.如果找到表明他已经登录的值,则可以为用户提供一种机制,使其先注销然后再在该系统上重新登录.
选项2:
维护IP&数据库中的userId.登录到系统之前,请验证它是否已经存在.如果没有,请允许登录.
When it is user based across systems then it cannot be using Sessions.
Option 1:
Maintain the Application object. Whoever login''s should be added to it and removed on logut/browser close.
Whenever user logins, loop through the values in Application object. If you find the value that means he is already in. You can provide a mechanism to user to logout first and then re-login on that system.
Option 2:
Maintain the IP & userId in your database. Before logging into the system verify if it already exists. If not, allow login.
这篇关于如何限制同一用户同时登录多个地方?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!