发表新帖
发表新帖

Avoiding multiple logins to an account from different locations

前端 未结
关注
5 478
醉梦人生
醉梦人生 2021-01-06 20:11

I want to restrict multiple logins of the same user from different locations. How can I identify a user\'s multiple logins from different locations in the same/recent times?

相关标签:
5条回答
  • 失恋的感觉
    2021-01-06 20:47

    Here's a solution that doesn't require constant database access to work...

    (which will avoid the requirement to check the session_id() against the database value every time you request/refresh a page, relieving db/server stress)...

    1. On login, grab the pre-existing session_id stored in the DB for this user and do this:

    session_id("the pre-existing session id in the database goes here");
session_start();
session_destroy();

    2. Then start a new session and save this new session_id to the database, overwriting the previous one. This will logout the previous session on this user if there is one active (effectively logging out the other guy using this account).

    Give it a try and let me know if that does the trick!!

    NOTE: This is "in theory" as I haven't yet tried it. It's based on this accepted stackoverflow answer. And you should probably manually create the session_id based on something unique to each user, that way you don't wipe out a session that someone else is using that happened to be the same as the session last used by the user you are doing a check for.

    0 讨论(0)
  • 心在旅途
    2021-01-06 20:56

    I would resolve something like that by making in user table, a activeKey column. Everytime user is logging in the activeKey is changed ( simple way subchar(md5(time().$username), 0, 16)), and and store it in session. Every time the webpage is refreshed/entered key would be checked. If dosn't match then logout with info. On correct logout key would be set to NULL, so when it could give a flag.

    This metod could be combined with IP address, but only IP address could be cheated, same with MAC, and so on.

    That is a main idea. There could be additional data like last login date, IP last login date, and so on.

    0 讨论(0)
  • 南笙
    2021-01-06 21:02

    I would add in the users table an ipAddress column, a LastLogin date column, LogStatus column with boolean values (actually MySQL uses 1/0 for boolean) to check if the user is logged in or not, a Country column (although this could be bypassed by using proxy), and a blockedStatus column, again with 1/0 values, that would check if the user is blocked or not.

    Then at log in page, you'd check if the user is logged in then he can't login, if he was recently logged in, and the country is different, then something is happening and you would need to block the account and send a email with a link to unblock the account if the legitimate user was the one logging in.

    0 讨论(0)
  • 长发绾君心
    2021-01-06 21:11

    You can have a table containing the IDs and the IP addresses of the users that are currently logged in. Just check against this table everytime someone logs in.

    0 讨论(0)
  • 陌清茗
    2021-01-06 21:12

    I think, just have extra 2 columns for each user - "LastLoginTime" and "IPAddress" in your Users table. If the duration is too short and IPAddress vary then you can give a warning to the user. Additionally you can also inform the City & Country from which the user is logged in.

    0 讨论(0)
 看不清?
提交回复
热议问题