如何防止同一用户多次登录?

问题描述:

如何防止已登录的成员在不退出现有会话的情况下登录其帐户(在新标签页或其他设备中)?

How can I prevent a logged-In member from logging into their account (in a new tab or different device) without logging out of their existing session ?

我在一个客户工作委员会网站上工作,登录后的雇主可以通过 post_job.php 页面提交一个职位空缺.问题是他们可以从新选项卡或设备再次登录而无需注销并发布超过他们允许的单个职位发布.阻止雇主这样做的最简单方法是什么?

I am working on a client job-board website where logged-in employers can submit a single Job Vacancy via the post_job.php page. The problem is they can Login again from a new tab or device without logging out and post more than their permitted single job posting. What would be the easiest way of preventing employers from doing this ?

我是一个比较新手,到目前为止我读到的所有内容都假设我不是.因此,我们将不胜感激以简单的术语回答任何问题.

I am a comparative newbie and everything I have read so far assumes I am not. So any answers in simple jargon-free terms will be greatly appreciated.

看看 this 它保护您免受跨站点请求伪造,您可以检查用户是否已登录.尝试:将 csrf 令牌保存到 db,然后检查用户令牌是否与 db 中的相同...如果不是:为该用户取消设置 cookie 和 session 并将他返回到登录页面;如果是:做你的事

Take a look at this it protect you from Cross-Site Request Forgery and you can check if user had logged in. Try: save csrf token to db, then check if users token same that in db... If not: unset cookie and session for this user and return him to Sign In page; If yes: do your stuff