Laravel 5.1: How to limit account access so one account can be accessed at one time

Submitted by 一曲冷凌霜 on 2019-12-13 12:16:48

Question


I am relatively new to Laravel, but I would like to restrict account access so that only one account can be logged into at one time. For example, if I were to log into my account on my work computer and then I logged in at my home computer simultaneously, it would not log me in and prompt me to log out of the first computer.

What is the best and correct way of doing this?

Many Thanks


Answer 1:


This is more a 'logic' question than one about Laravel. In short, I would build something like this:

  1. Add a field to the user table like 'active_at' with a timestamp in it and an 'active_device' with a unique value created based on this login (maybe based on the IP + device information);
  2. When a user logs in I would update these fields;
  3. Then in the background have some JavaScript call a script on the server every minute (or shorter depending on your wishes) that verifies the current logged in user and updates the 'active_at' timestamp field;
  4. Then when logging in somewhere I would check if the 'active_at' is outdated and not matching the 'active_device' hash I would prompt the user to log out the other device which would empty these fields.

By setting things up in such a way that only the login procedure is allowed to take over a device (and not the JavaScript activity ping) you won't end up battling between two devices :)

If you want to prompt with more information about the other device (as for now we only have a hashed device info string) you could either add another field with a human-readable name for the device or use some sort of encrypted string so you could decrypt it when needed.

A final touch would be to let the server code handling step 3 destroy the current authentication session if the active_device hash is no longer matching. The coolest thing would be to redirect the user to a login page only asking for a password to revalidate the current device (and triggering a login procedure overwriting the active_device info).
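
The steps in the answer above, as an added example that is not part of the original answer: plain PHP (7.1+, not Laravel code) with an array standing in for the users table. It assumes a random per-login token in place of the IP + device string, and treats the lock as held only while 'active_at' is newer than a timeout; the function names and the timeout value are hypothetical.

```php
<?php
// Added example: framework-free version of the single-device lock.
// $user stands in for one row of the users table; all names are hypothetical.

const ACTIVE_TIMEOUT = 120; // seconds without a ping before the lock counts as stale (assumed)

/** Steps 1, 2 and 4: claim the account at login, or report that another device holds it. */
function login(array &$user, bool $forceTakeover, int $now): ?string
{
    $held = $user['active_device'] !== null
        && ($now - $user['active_at']) < ACTIVE_TIMEOUT;
    if ($held && !$forceTakeover) {
        return null; // caller shows the "log out the other device?" prompt
    }
    $token = bin2hex(random_bytes(32));              // random per-login value, kept in this session only
    $user['active_device'] = hash('sha256', $token); // only the hash is stored server-side
    $user['active_at'] = $now;
    return $token;
}

/** Step 3 and the "final touch": refresh the timestamp, never take over the lock. */
function ping(array &$user, string $sessionToken, int $now): bool
{
    $stored = $user['active_device'];
    // hash_equals compares in constant time
    if ($stored === null || !hash_equals($stored, hash('sha256', $sessionToken))) {
        return false; // caller destroys this session and asks for the password again
    }
    $user['active_at'] = $now;
    return true;
}

// Constructed walk-through with fixed timestamps.
$user = ['active_device' => null, 'active_at' => 0];
$t = 1000000;
$work = login($user, false, $t);        // work computer logs in and takes the lock
var_dump(login($user, false, $t + 30)); // home login while work is active: blocked
var_dump(ping($user, $work, $t + 60));  // work session pings and keeps the lock
$home = login($user, true, $t + 90);    // user confirmed the takeover from home
var_dump(ping($user, $work, $t + 100)); // work session no longer matches
var_dump(ping($user, $home, $t + 100)); // home session now owns the lock
```

Because only `login()` writes 'active_device', a ping from the displaced session can never win the lock back, which is the property the answer relies on to stop two devices fighting.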



Source: https://stackoverflow.com/questions/31425311/laravel-5-1-how-to-limit-account-access-so-one-account-can-be-accessed-at-one-t
