仅允许用户的一个实例登录到网站
At the moment, in my website several people could technically log in using the same username and password at the same time on different machines.
I want to make it so that if someone logs in then it automatically ends any session associated with that user. That way, only one instance of a particular user can be logged in at any one time.
I'm trying to figure out how to implement this. How can someone logging in and creating a new session destroy a specific session on a different machine?
目前,在我的网站上,有几个人可以在技术上同时使用相同的用户名和密码登录 不同的机器。 p>
我想这样做,如果有人登录,它会自动结束与该用户相关的任何会话。 这样,任何时候都只能登录一个特定用户的一个实例。 p>
我正在试图弄清楚如何实现这一点。 如何登录并创建新会话会破坏不同计算机上的特定会话? p> div>
Add a field called "login_token" (make it a randomly generated string) and each time the user logs in, generate a new string and update the login_token field. Also store the login_token in the session. If a users session login_token value does not match that of the one in the database then kill the session.