Efforts to achieve the same account login function cannot be repeated

Just like QQ, the same QQ account cannot log in to different places at the same time. Qq uses the same account to "squeeze out" login users ". However, I don't think this is a good practice. Consider a situation where the last user logged on is illegal. As a result, this illegal user will "squeeze out" the previous legal user, if you can log on to the same account only once and the logon request sent by the logged-on user is rejected, as long as the valid user is always online, illegal users cannot threaten the previous legal users. However, this approach also seems dangerous: What if the previous hacker is an illegal user? Valid users will never be able to log on normally! If it is QQ, it is estimated that all the items to be lost will be lost. Therefore, I think the two methods have their own advantages, depending on the situation.

After a long time of hard work, I decided to use QQ-like practices. The latter will squeeze out the first login. A large part of the reason is that you have not yet come up with a proper method to reject a post-login request. It seems simple to squeeze out the previous one. I just added a sessionid in the database to mark the user's logon status. Each time I judge whether the session ID value has changed, if there is any change, it means that the current account has logged on to different locations or in a new session. If you are prompted that you cannot log on to the same machine with the same account as QQ, you only need to change the mark to the IP address of the user machine. It seems clear.

I have mentioned this problem in the garden before. Someone prompts me to use application to implement it and gives the C #Code. However, I don't think it is good. If there are more than one user account, will the temporary storage space be large? If I do this in a database, no matter how many users exist, there must be a user table. Adding a field to this table does not have a great impact, the only bad thing is that database access is a little too common. Every time you have to determine whether the user has logged on from other places, you have to determine whether there is a page request.

I hope there will be a better way to implement this function in the future. Or, if any friend in the garden passes by, please give me some advice. I am very grateful!