Express.js + Passport.js:如何限制同一用户多次登录? [英] Express.js + Passport.js : How to restrict multiple login by the same user?

问题描述

默认情况下，Passport 允许同一用户从多个浏览器登录并创建唯一的会话.当用户尝试创建第二个会话时，如何配置它以销毁第一个会话?

Passport by default allows the same user to login from multiple browsers and have unique sessions created. How can I configure it to destroy the first session when the user tries to create a second session?

目前我正在使用会话"模型将用户名添加到记录中，并在随后登录时通过用户名检查会话是否存在.但这会增加数据库的流量.我认为 express 必须已经这样做或已经这样做了，将登录用户"信息保存在内存中，以便可以简化过程.我会感谢有关如何为此目的使用 express 进行调整的想法或任何其他解决方法/建议.非常感谢！

Currently I'm using the 'Sessions' model to add the username to the record and upon subsequent login check by username if the sessions exists. But this increases traffic to the db. I'm thinking express must be doing it already or made to, keep the 'logged in users' information in memory so that the process can be simplified. I'd be thankful for ideas around how to achieve tweak with express for this purpose or any other workaround/suggestion. Much thanks!

推荐答案

我看到至少有 4 个用户赞成这个问题，所以我决定为此创建 passport-strategy.名为 passport-one-session-per-user 的新策略.这是您可以在此处访问的开源策略:https://github.com/AminaG/每个用户一个会话的护照

I saw that at least 4 users upvote this question, so I decided to create passport-strategy for that. The new strategy called passport-one-session-per-user. It's open source strategy you can access here: https://github.com/AminaG/passport-one-session-per-user

如何使用?在 session 之后添加它.例如:

How to use it? add it right after session. For example:

app.use(passport.session())
var passportOneSessionPerUser=require('passport-one-session-per-user')
passport.use(new passportOneSessionPerUser())
app.use(passport.authenticate('passport-one-session-per-user'))

不需要设置或配置.

它是如何工作的?

该策略，创建了一个包含序列化用户对象和 sessionID 的数组.

The strategy, created an array that contain serializaed user objects, and sessionID.

每次用户登录时，该策略都会检查用户是否已经登录.如果是，则标记另一个会话.下次其他会话中的用户发出请求时，策略会看到该标志，并将用户注销.

Every time user logged in, the strategy check if the user already logged in. If so, it's flag the other session. The next time the user in the other session make a request, the strategy see the flag, and log the user out.

这篇关于Express.js + Passport.js:如何限制同一用户多次登录?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！