How to achieve the same account at the same time only at one terminal login

Many systems want to achieve the same account at the same time can only log in one place, such as Tencent QQ, when your account in another terminal login, the previous access to the terminal will be forced offline, the advantages of doing so I think there are two points: 1 can improve the security of the system/website, For example, if you were pushed off the line during the operation, you can immediately detect the account and password has been compromised, to immediately modify the password or contact the administrator to freeze the account; 2 can reduce the overhead of the system, because each login terminal needs to consume server resources, the user logged in, the session will occupy a larger space, If the account is done only after one terminal is logged in, the resources that are consumed by other terminals ' logon sessions can be released in time to save valuable server resources, and if this limitation is not done, it may be exploited by malicious attackers to consume server resources, which can have a significant impact on server performance.

How to achieve the single terminal login limit. Here to introduce my implementation of ideas, I hope to help to have the same needs of small partners, have objections to friends are also welcome message exchange.

First Look at a flowchart:

On the basis of the account list, I created a new Account Account_session table to record the account_id of the login account and the session_id of the most recent successful user, and then first to modify the login method: After each logon success, To write the logon user information to the session, but also to update the Account_session Courisian account session_id (of course, if it is the first login, is the insertion action), and then to modify access to the current user information method, in which to do double judgment, first , to see whether the current session has logged in user information, if not, it is definitely not logged in, no longer repeat, if there is, and further to use the current member account_id to account_session table query the latest session_id, Compared with the current member's session_id, if it is consistent, the current session is the most recent session, the login status is normal, if not consistent, that the current logon session after the creation of the new logon session is overwritten, the current logon session has been invalidated, this time, The server should delete the current login session and return the prompt to the client, so limit the account at the same time single terminal login function is realized.