PHP - How to prevent user from logging in from multiple machines at the same time?

情书的邮戳 2020-12-22 07:30

Is there a way that I can prevent a user from logging into a system from different machines at the same time?

Thank you

5 answers
  • 2020-12-22 08:06

    The problem with all these solutions based on IP address is that if a user is behind a proxy server that routes their request via multiple IP addresses, this may fail in a way that means the user cannot remain logged in.

    What you can do instead is just, when any user logs in, give them a new session token and expire all previous session tokens belonging to the same user.

    This would require you keeping a table of all valid session tokens and which user they're associated with. Note that the built-in session handling of PHP is unlikely to be able to do this without much modification.

  • 2020-12-22 08:06

    I would suggest keeping track of the current (last) IP that the user logged in from. When the user logs in, change that IP. Make checking current IP against the last IP part of your authentication procedure; if it's different, log them out. They can then log back in, but that'd result in kicking the other machine's login off.

  • 2020-12-22 08:09

    You could try storing the user's IP address in the database when they log in and clearing that IP when they log out (or you log them out). If a user attempts to log in but they already have a different IP stored in the database, that could be an indication that they are logging in from 2 different machines... not 100% accurate but may sorta work.

  • 2020-12-22 08:20

    You can't prevent this. And shouldn't.
    Instead you have to manually log out everyone who logged in before.
    Just keep track of the session ID in the users database and close a session if its ID is not equal to the one stored in the database after successful login.
    That will make all simultaneous users login constantly and ruin all their efforts to use your service.

  • 2020-12-22 08:27

    When a user logs in, put their IP address into a database. If their IP changes, require them to log in again.

    Even easier would be to save their SessionID. If that changes, invalidate the old session.

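The token-table approach from the first answer, which also covers the "store the session ID and invalidate the old one" suggestion in the later answers, as an added example that is not code from any of the answers. The table name, column names and function names are hypothetical, an in-memory SQLite database via PDO (pdo_sqlite) stands in for the real one, and storing only a SHA-256 hash of the token is a choice made here so that a leaked table does not expose live tokens.

```php
<?php
declare(strict_types=1);

// Assumed schema (hypothetical names): one row per valid session token.
function initSchema(PDO $pdo): void
{
    $pdo->exec('CREATE TABLE IF NOT EXISTS user_sessions (
        token_hash TEXT PRIMARY KEY,
        user_id    INTEGER NOT NULL,
        created_at INTEGER NOT NULL
    )');
}

// Called after the password check succeeds: revoke every earlier token
// for this user and issue a fresh one, atomically.
function issueSession(PDO $pdo, int $userId): string
{
    $token = bin2hex(random_bytes(32)); // sent to the client, e.g. in a cookie
    $pdo->beginTransaction();
    try {
        $pdo->prepare('DELETE FROM user_sessions WHERE user_id = ?')->execute([$userId]);
        $pdo->prepare('INSERT INTO user_sessions (token_hash, user_id, created_at) VALUES (?, ?, ?)')
            ->execute([hash('sha256', $token), $userId, time()]);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return $token;
}

// Called on every request: returns the user id, or null for a revoked or unknown token.
function userForToken(PDO $pdo, string $token): ?int
{
    $stmt = $pdo->prepare('SELECT user_id FROM user_sessions WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Constructed demo: user 42 logs in on machine A, then on machine B.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
initSchema($pdo);
$tokenA = issueSession($pdo, 42);
$tokenB = issueSession($pdo, 42);
var_dump(userForToken($pdo, $tokenA)); // machine A's token was revoked by the second login
var_dump(userForToken($pdo, $tokenB)); // machine B holds the only live session
```

Because the check keys on the token rather than the client IP, a user whose requests arrive from several proxy addresses stays logged in.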