Prevent multiple login using the same user name and password


Problem description


I am developing an application that needs to prevent multiple login using the same user name and password.

If it happens on the same machine then obviously we need to do something with the user session, but it should also prevent it if they log in on different machines using the same user name and password.

We have to keep the following things in mind:

  1. If the user closes the browser without logging out.
  2. If the session times out.

I would appreciate any help on this.

Solution

If the user closes the browser without logging out.

Particularly this case is hard and not reliable to detect. You could use the beforeunload event in JavaScript, but you're fully dependent on whether the browser has JS enabled and the particular browser supports this non-standard event (e.g. Opera doesn't). That's also one of the major reasons that I'd suggest just logging out the previously logged-in user instead of preventing the login. That's also more user-friendly and secure for the case that the user "forgot" to log out from the other computer.

The easiest way is to let the User have a static Map<User, HttpSession> variable and let it implement HttpSessionBindingListener (and Object#equals() and Object#hashCode()).

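import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSession;               // jakarta.servlet.http on Jakarta EE 9+
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;

public class User implements HttpSessionBindingListener {

    // All logins. Shared by every request thread, so the map must be thread-safe.
    private static final Map<User, HttpSession> logins = new ConcurrentHashMap<User, HttpSession>();

    // Normal properties.
    private Long id;
    private String username;
    // Etc.. Of course with public getters+setters.

    // Two User objects are the same login identity when their ids match.
    @Override
    public boolean equals(Object other) {
        return (other instanceof User) && (id != null) ? id.equals(((User) other).id) : (other == this);
    }

    @Override
    public int hashCode() {
        return (id != null) ? (this.getClass().hashCode() + id.hashCode()) : super.hashCode();
    }

    // Called when this User is stored in a session: end the previous session, register the new one.
    @Override
    public void valueBound(HttpSessionBindingEvent event) {
        HttpSession session = logins.remove(this);
        if (session != null) {
            session.invalidate();
        }
        logins.put(this, event.getSession());
    }

    // Called on removeAttribute(), invalidate() and session timeout.
    @Override
    public void valueUnbound(HttpSessionBindingEvent event) {
        logins.remove(this);
    }

}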

When you log in the User as follows:

User user = userDAO.find(username, password);
if (user != null) {
    request.getSession().setAttribute("user", user);
} else {
    // Show error.
}

then it will invoke valueBound(), which will remove any previously logged-in user from the logins map and invalidate the session.

When you log out the User as follows:

request.getSession().removeAttribute("user");

or when the session times out, valueUnbound() will be invoked, which removes the user from the logins map.
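
An added example, not part of the original answer: the "newest login wins" policy described above, modelled in plain Java without the Servlet API so it runs stand-alone. `SingleLoginRegistry`, `Session`, `bound` and `unbound` are hypothetical names; the registry is keyed by user id and removes an entry only if it still points at the session that ended, so a late timeout of the replaced session cannot evict the new one.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: "newest login wins" registry, modelled without the Servlet API. */
public class SingleLoginRegistry {

    /** Hypothetical stand-in for HttpSession: only an id and a validity flag. */
    static final class Session {
        final String id;
        volatile boolean valid = true;
        Session(String id) { this.id = id; }
    }

    // userId -> the one session currently allowed for that user.
    private final Map<Long, Session> logins = new ConcurrentHashMap<>();

    /** Mirrors valueBound(): register the new session, invalidate the one it replaced. */
    public void bound(long userId, Session fresh) {
        Session previous = logins.put(userId, fresh);    // atomic swap
        if (previous != null && previous != fresh) {
            previous.valid = false;                      // session.invalidate() in a servlet
            unbound(userId, previous);                   // the container would fire valueUnbound()
        }
    }

    /** Mirrors valueUnbound() on logout or timeout: remove only the session that ended. */
    public void unbound(long userId, Session ended) {
        logins.remove(userId, ended);                    // no-op if already replaced
    }

    public Session current(long userId) { return logins.get(userId); }

    public static void main(String[] args) {
        SingleLoginRegistry registry = new SingleLoginRegistry();
        Session machineA = new Session("A");             // constructed sample sessions
        Session machineB = new Session("B");

        registry.bound(42L, machineA);
        registry.bound(42L, machineB);                   // same user logs in elsewhere
        System.out.println("A valid: " + machineA.valid);
        System.out.println("current: " + registry.current(42L).id);

        registry.unbound(42L, machineA);                 // late timeout event for A
        System.out.println("B kept: " + (registry.current(42L) == machineB));

        registry.unbound(42L, machineB);                 // logout, or closed browser then timeout
        System.out.println("after logout: " + registry.current(42L));
    }
}
```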
