Express.js + Passport.js：如何限制同一用户的多次登录？ [英] Express.js + Passport.js : How to restrict multiple login by the same user?

问题描述

默认情况下，Passport允许同一用户从多个浏览器登录并创建唯一的会话。当用户尝试创建第二个会话时，如何将其配置为销毁第一个会话？

Passport by default allows the same user to login from multiple browsers and have unique sessions created. How can I configure it to destroy the first session when the user tries to create a second session?

目前，我使用会话模型将用户名添加到记录以及如果会话存在，则通过用户名进行后续登录检查。但这会增加数据流的流量。我正在想，express必须已经做到这一点，或者将其保存在内存中，从而可以简化进程。我会感谢关于如何实现调整的意见，为此目的或任何其他解决方法/建议的想法。
非常感谢！

Currently I'm using the 'Sessions' model to add the username to the record and upon subsequent login check by username if the sessions exists. But this increases traffic to the db. I'm thinking express must be doing it already or made to, keep the 'logged in users' information in memory so that the process can be simplified. I'd be thankful for ideas around how to achieve tweak with express for this purpose or any other workaround/suggestion. Much thanks!

推荐答案

我看到至少有4个用户提出了这个问题，所以我决定创建护照策略为此。新策略称为护照 - 每用户一个用户。您可以访问这里的开源策略： https://github.com/AminaG/护照 - 一人一用户

I saw that at least 4 users upvote this question, so I decided to create passport-strategy for that. The new strategy called passport-one-session-per-user. It's open source strategy you can access here: https://github.com/AminaG/passport-one-session-per-user

如何使用？在 session 之后添加它。例如：

How to use it? add it right after session. For example:

app.use(passport.session())
var passportOneSessionPerUser=require('passport-one-session-per-user')
passport.use(new passportOneSessionPerUser())
app.use(passport.authenticate('passport-one-session-per-user'))

不需要设置或配置。

如何工作？

策略创建了一个包含串行用户对象和sessionID的数组。

The strategy, created an array that contain serializaed user objects, and sessionID.

每次用户登录时，策略都会检查用户是否已经登录，如果是，则标记其他会话。下一次在另一个会话中的用户发出请求时，策略将看到该标志，并将该用户登录。

Every time user logged in, the strategy check if the user already logged in. If so, it's flag the other session. The next time the user in the other session make a request, the strategy see the flag, and log the user out.

这篇关于Express.js + Passport.js：如何限制同一用户的多次登录？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！