阻止人们将我的网站加载到多个标签上 [英] Stop people having my website loaded on multiple tabs
问题描述
我希望用户仅在他们浏览器中的一个选项卡中浏览我的网站.如何才能做到这一点?我会使用 javascript 和 cookie 吗?
例如,我有一个网站:www.example.com - 我希望我的客户只能从一个标签页中访问该网站浏览器.如果他们打开另一个选项卡并加载站点(或站点的子页面) - 我想要一个警报无法打开多个实例",然后将它们重定向到错误页面.
有一点需要注意 - 如果用户将地址从 www.example.com/action/door/mine.aspx 更改为 www.example.com - 应该可以正常工作,因为用户在同一个(原始)标签中.
任何帮助将不胜感激.提前致谢.
这正是 this answer 中提到的内容,您需要 2 个 ID:
- 随机一个
- 一个一致的(这实际上是我们的 SSID,由于您限制了单个浏览器的标签,因此最好获取生成的表单浏览器的唯一参数)
您可以从浏览器的用户代理生成一致的或从服务器端获取它.将它们都存储在服务器端.
将随机的存储在标签特定的 window.name 属性中.
每 1~2 秒向您的服务器发送一次心跳,其中包含一致的 ID 和随机的 ID.如果服务器无法接收到心跳,它会清理数据库并注销死客户端.
在每个浏览器的请求中,检查 window.name 的值.如果丢失,请与服务器端检查上一个选项卡是否已关闭(从数据库中清除).
如果是,则为客户端生成一个新对,如果否,则拒绝它们.
我心中的两个建议:
- 服务器端(更好):为您的所有客户端提供用户名和密码.要求他们在他们第一次访问您的网站时输入他们的凭据.然后在所有其他请求中,检查具有所述凭据的用户是否已经登录.
<上一页>客户 *||服务器 ---> 检查是否已登录或不?______________||是 否||允许拒绝他们他们
- 客户端:如果您确实需要对此进行严格检查,请使用 evercookie 在客户端机器上存储
already-logged-incookie.
旁注:要知道,客户端的每一次尝试都不安全!客户端应该帮助服务器端,它不应该被用作唯一的安全来源.甚至evercookies也可以删除 所以,给我的第一个建议是.
****
Evercookie 在存储最安全的僵尸 cookie 方面确实做得很好,但由于库本身对于浏览器来说有点沉重(每次存储 cookie 需要超过 100 毫秒),因此不建议在现实世界中使用网络应用程序.
如果您使用服务器端解决方案,请改用这些:
I want users to browse my site from only one tab in their browser. How can this be done? Would I use javascript and cookies?
For example, I have a website: www.example.com - and I want my clients to only be able to visit the site from one single tab in one browser. If they open another tab and load the site (or a subpage of the site) - I want an alert "Can't open multiple instances", and then redirect them to an error page.
Once thing to note - if the user changes the address from www.example.com/action/door/mine.aspx to www.example.com - that should work fine, because the user is in the same (original) tab.
Any help will be appreciated. Thanks in advance.
EDIT2:
It's the exact thing which is mentioned at this answer, You need 2 IDs:
- One random one
- One consistent one (this will be our SSID actually, since you limit tabs of a single browser, it's better to get generated form browser's unique parameters)
You can generate consistent one from browser's user-agent or get it from server-side. store both of them server-side.
Store the random one in window.name property which is tab-specific.
Send a heartbeat every 1~2 seconds to your server containing both consistent ID and random one. if server fails to receive the heartbeat, it cleans up database and de-register dead clients.
on every browser's request, check window.name for the value. if it were missing, check with the server-side whether if the previous tab is closed or not (cleaned from database).
If yes, generate a new pair for client if no, reject them.
Two suggestions on top of my mind:
- Server-side (better): provide all your clients, a user name and password. request them on their first visit of your site to enter with their credentials. then on every other request, check for whether user with said credentials is already logged in or not.
Client *
|
|
Server ---> Check whether
Already logged
or not?
______________
| |
yes no
| |
permit reject
them them
- Client-side: If you really need a strong check of this, use evercookie to store an
already-logged-incookie on client's machine.
Side-note: Do know that every attempt in client side is not secure at all! client-side should help server-side, it shouldn't be used as the one and only source of security. even evercookies can be deleted so, give my first suggestion a go.
**EDIT:**
Evercookie is really doing a good job at storing most secure zombie cookies ever but since the library itself is a little bit heavy for browsers (storing a cookie takes more than 100ms each time) it's not really recommended for using in real-world web app.
use these instead if you went with server-side solution:
这篇关于阻止人们将我的网站加载到多个标签上的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
