如何限制同一用户同时登录多个地方? [英] How to restrict the same user logging in multple places same time?

问题描述

我要求避免同一用户同时从不同系统登录.
(即)在任何时间点，用户只能通过一个IP激活.

我正在使用自定义表和会话对象来管理用户身份验证过程.
我想使用会话对象和事件(例如Session_OnStart和Session_OnEnd)来实现此目的.

看来，会话对象是不可靠的，并且不能保证Session_OnEnd事件被正确触发.

请在此发表您的想法.

谢谢，
Nagaraj

Hi,

I have a requirement to avoid the same user being logged in from different systems at the same time.
(i.e ) At any point of time, user can be active from only one IP.

I am using custom tables and session objects to manage the user authentication process.
I thought to implement this using, session objects and events such as Session_OnStart and Session_OnEnd.

It seems that, session objects are not reliable and It''s not guaranteed that Session_OnEnd event is fired properly.

Please, post your ideas on this.

Thanks,
Nagaraj

推荐答案

当它是基于系统的用户时，则不能使用Sessions.

选项1:
维护应用程序对象.无论登录者是谁，都应添加该用户名，并在登录/浏览器关闭时将其删除.
每当用户登录时，就循环遍历Application对象中的值.如果找到表明他已经登录的值，则可以为用户提供一种机制，使其先注销然后再在该系统上重新登录.

选项2:
维护IP&数据库中的userId.登录到系统之前，请验证它是否已经存在.如果没有，请允许登录.

When it is user based across systems then it cannot be using Sessions.

Option 1:
Maintain the Application object. Whoever login''s should be added to it and removed on logut/browser close.
Whenever user logins, loop through the values in Application object. If you find the value that means he is already in. You can provide a mechanism to user to logout first and then re-login on that system.

Option 2:
Maintain the IP & userId in your database. Before logging into the system verify if it already exists. If not, allow login.

这篇关于如何限制同一用户同时登录多个地方?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！