Modification requirements: when an account is logged in and another user logs in to the same account, the current session should be forced offline, like QQ's abnormal-login handling. Could the experts give a concrete idea for implementing this?
Reply content:
Generate a token, store it in the database, and write it to the session. On each operation, compare the session token with the one in the database; if they are not the same, log out.
"Other users login to the account! The current account will be forced offline"
Here, do you want this to happen immediately, or on refresh (when an HTTP request is sent again)?
The former requires a long-lived connection such as a socket, or a heartbeat packet.
As for the latter, @xfspace has already explained it fairly clearly.
Each login generates a random token for validating the cookie.
Tokens generated by different logins are also different, and the cookies generated will naturally expire.
However, it is important to note that if the user copies the cookie directly and injects it into the browser of another computer on the LAN, the server cannot identify this well.
It's so troublesome.
1. Create a token table.
Fields: token (the token; generally an 8-character random string will do), UID (site user ID), expiresin (expiry time)
When a user logs in successfully, a record is inserted and all previous token data for that user is expired or deleted, so that only one valid token can be used at a time, which achieves the effect that logins cannot be repeated.
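
One way to implement the token-table approach from the replies above, as an added example that is not code from the original thread. Python with SQLite stands in for the site's real session layer and database; the function names and `TOKEN_TTL` are assumptions, and a 32-byte CSPRNG token is used in place of the 8-character random string.

```python
import secrets
import sqlite3
import time

TOKEN_TTL = 3600  # assumed session lifetime in seconds


def init_db(conn):
    # Table layout from the reply above: token, uid, expiresin.
    conn.execute(
        "CREATE TABLE IF NOT EXISTS tokens ("
        "token TEXT PRIMARY KEY, uid INTEGER NOT NULL, expiresin REAL NOT NULL)"
    )


def login(conn, uid, now=None):
    """Call after the credential check succeeds; returns the token for the session."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # CSPRNG value, hard to guess
    with conn:  # one transaction: revoke old tokens and issue the new one together
        conn.execute("DELETE FROM tokens WHERE uid = ?", (uid,))
        conn.execute(
            "INSERT INTO tokens (token, uid, expiresin) VALUES (?, ?, ?)",
            (token, uid, now + TOKEN_TTL),
        )
    return token


def check_request(conn, uid, session_token, now=None):
    """Run on every request; False means the session must be logged out."""
    now = time.time() if now is None else now
    row = conn.execute(
        "SELECT token FROM tokens WHERE uid = ? AND expiresin > ?", (uid, now)
    ).fetchone()
    # Constant-time comparison of the session's token against the stored one.
    sent = (session_token or "").encode()
    return row is not None and secrets.compare_digest(row[0].encode(), sent)


def demo():
    conn = sqlite3.connect(":memory:")
    init_db(conn)
    first = login(conn, uid=42, now=1000.0)    # constructed uid and timestamps
    ok_before = check_request(conn, 42, first, now=1001.0)
    second = login(conn, uid=42, now=1002.0)   # same account, another browser
    return (ok_before,
            check_request(conn, 42, first, now=1003.0),    # first session forced out
            check_request(conn, 42, second, now=1003.0),   # newest session still valid
            check_request(conn, 42, second, now=1002.0 + TOKEN_TTL + 1))  # expired
```

The forced logout here takes effect on the old session's next request, which is the "refresh" variant discussed in the thread.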