Laravel中的单会话登录 [英] Single Session Login in Laravel

问题描述

我正在尝试实施一项用户策略，一次只能有一个用户可以登录.我正在尝试将其构建在Laravel的Auth驱动程序之上.

I'm trying to implement a user policy whereby only one user can login at a time. I'm trying to build this on top of Laravel's Auth driver.

我已经考虑过使用会话驱动程序将会话存储在数据库中，并使每个用户名的键保持不变.由于会话固定，这可能是一个糟糕的实现.

I've thought of using the Session driver to store the sessions in the database and make the keys constant for each username. This is probably a terrible implementation because of session fixation.

实现会是什么样子?我应该在Auth驱动程序中编辑哪些方法?通用会话密钥将存储在哪里?

What would the implementation be like? What methods in the Auth driver should I be editing? Where would the common session key be stored?

推荐答案

我最近做了这个.

我的解决方案是在用户登录时设置会话值.然后，我进行了一个小类检查所存储的会话ID是否与当前登录的用户相同.

My solution was to set the session value when a user logs in. Then I had a small class checking if the session ID stored is the same as the current user who is logged in.

如果用户从其他地方登录，则数据库中的会话ID将更新，并且较旧"的用户将被注销.

If the user logs in from somewhere else the session ID in the DB will update and the "older" user will be logged out.

我没有更改Auth驱动程序或其他任何东西，只是在用户登录时将其放在顶部.登录成功后会发生以下情况:

I didn't alter the Auth driver or anything, just put it on top when the user logs in. Below happens when login is successful:

$user->last_session = session_id();
$user->save();

要检查会话是否有效，我在下面使用了

To check if the session is valid I used below

if(session_id() != Auth::user()->last_session){
   Auth::logout();
   return true;
}

如您所见，我在用户表中添加了名为last_session

As you can see I added a column in the users table called last_session

这篇关于Laravel中的单会话登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！