如何防止多个用户使用相同的用户名和密码登录?
我正在用php开发安全的登录系统.我想防止具有相同用户名和密码的用户多次登录.使用我的脚本,用户可以使用不同的浏览器或具有相同用户名和密码的不同IP登录帐户.我需要在数据库中添加一些列.当用户登录字段变为1,并且帐户被锁定时,用户登录帐户被解锁.但是,如果用户关闭浏览器却没有注销怎么办?
I am developing secure login system with php. I want to prevent multiple login for user with same username and password. With my script user can login on account from different browsers or from different IP with same username and password. I need to add some column on my database. When user logged in field becomes 1, and account is locked, when user logged out account is unlocked. But what if user close the browser without logout?
您可以在登录时设置随机盐,并将其存储在数据库中以及用户的cookie中.
You can set a random salt on login and store it in the database and in a cookie in the user.
每次登录时,您都会生成一个新的随机盐,并将其存储在数据库中(替换先前的值)和当前用户的cookie中.
On each login you will generate a new random salt and store it in the database (replacing the previous value) and in a cookie for the current user.
对于您网站上的每个操作,您不仅会检查会话,还会检查盐(如果用户会话中的盐对于当前用户而言是不同的),这意味着某人使用相同的凭据登录到他之后,并且您将使当前会话无效.这样一来,您将具有所需的功能,并且用户不会注销也不会遇到麻烦,因为用户每次登录都会使使用相同凭据登录的所有其他用户无效.
For each action on your site you will check not only for the session but for the salt too - if the salt in the user session is different for the current user - that means somebody logged-on after him with the same credentials and you will invalidate the current session. That way you will have the required functionality and you will not have trouble with users not logging out because each time a user logs in it will invalidate all other users logged-in with the same credentials.