问题
I have a RestAPI which when hit authenticate the user. This api is exposed to android and ios developers they hit this api to allow user to login to our app
My requirement is this.1) If user has cell phone say abc phone with IMEI "abc1234". He logs in from this phone. Now if he tries to log in from his 2nd phone than he should not be allowed to login from 2nd phone. He should first log out from abc device.
now there is few complications 1) if user is logged from abc. With out loging out he formats his phone or uninstalls the app. Then how should I handle login from same device or other device.
Basically I want to know about strategies or good practises for such type of scenarios.
回答1:
Good practice would be let the user login from second device and logged out him from first device it would be better from user experience as well as will be easy to handle e.g
I logged in from DeviceId A (update DeviceId in db against the user)
then I try to logged in from DeviceId B (again update DeviceId overriding previous DeviceId in db against the user)
Now If I make a request from DeviceId A, match the DeviceID in DB, it will return false. Send user back to login page.
回答2:
I suggest that you maintain a session for a login. Whenever there is a successful login, you would provide a unique session identifier to the user. This session id can subsequently be used for further requests/calls from the user.
For scenario of user logging in from another number, an active session will mark this second login request as invalid.
Keep an aging mechanism for each session. This way an inactive session, caused by phone getting disconnected or off, will get terminated.
回答3:
Hello you can do one thing. Track user login status. like
- while user login add entry that user is active or login
- now while user is trying to login with another device at that time check that user is login/active or not. if user is active then don't allow them for login and display message that logout from your old device. You can also put auto logout from last device functionality also.
- While user is logout at that time change user status active/login to not-active/logout so by this way you can manage this.
You have to pass this user status with your login web Service or API in android and in website you can directly check from DB.
回答4:
Use SharedPreferences for solution,
For eg.
public class Pref_Storage {
private static SharedPreferences sharedPreferences = null;
public static void openPref(Context context) {
sharedPreferences = context.getSharedPreferences(context.getResources().getString(R.string.app_name),
Context.MODE_PRIVATE);
}
public static void deleteKey(Context context, String key) {
HashMap<String, String> result = new HashMap<String, String>();
Pref_Storage.openPref(context);
for (Entry<String, ?> entry : Pref_Storage.sharedPreferences.getAll()
.entrySet()) {
result.put(entry.getKey(), (String) entry.getValue());
}
boolean b = result.containsKey(key);
if (b) {
Pref_Storage.openPref(context);
Editor prefsPrivateEditor = Pref_Storage.sharedPreferences.edit();
prefsPrivateEditor.remove(key);
prefsPrivateEditor.commit();
prefsPrivateEditor = null;
Pref_Storage.sharedPreferences = null;
}
}
public static void setDetail(Context context, String key, String value) {
Pref_Storage.openPref(context);
Editor prefsPrivateEditor = Pref_Storage.sharedPreferences.edit();
prefsPrivateEditor.putString(key, value);
prefsPrivateEditor.commit();
prefsPrivateEditor = null;
Pref_Storage.sharedPreferences = null;
}
public static Boolean checkDetail(Context context, String key) {
HashMap<String, String> result = new HashMap<String, String>();
Pref_Storage.openPref(context);
for (Entry<String, ?> entry : Pref_Storage.sharedPreferences.getAll()
.entrySet()) {
result.put(entry.getKey(), (String) entry.getValue());
}
boolean b = result.containsKey(key);
return b;
}
public static String getDetail(Context context, String key) {
HashMap<String, String> result = new HashMap<String, String>();
Pref_Storage.openPref(context);
for (Entry<String, ?> entry : Pref_Storage.sharedPreferences.getAll()
.entrySet()) {
result.put(entry.getKey(), (String) entry.getValue());
}
String b = result.get(key);
return b;
}
}
Use:
Before login check login_flag:
if (Pref_Storage.checkDetail(getApplicationContext(), "login_flag"))
{
// Home Screen
}
else
{
//Display Login Screen
}
After Login set login_flag:
Pref_Storage.setDetail(getApplicationContext(), "login_flag", "0");
回答5:
Try, to save a boolean variable. Which will be mark as 0 and the user will be allowed to login. On login, the value will be change to 1 and on logout change it back to 0. User will only be allowed to login when the value of boolean character is 0.
回答6:
You can use SharedPreference for storing user login detail after logging and second time you run the app, check that login detail is available or not. And after logout you have to delete shared preference.
For more detail please visit below links:
http://www.tutorialspoint.com/android/android_shared_preferences.htm http://developer.android.com/reference/android/content/SharedPreferences.html
回答7:
php example
When user success login
$t1 = time();
$t2 = $t1 +10
Save $t1 in redis server
Save $t2 in browser cookie (encrypted, only server know how to decrypt it)
Whenever browser visit server always compare that $t2 > $t1, if not send browser message "you are logout"
来源:https://stackoverflow.com/questions/32133584/how-to-make-user-login-from-only-one-device-at-a-time