问题
I need a method of stopping concurrent logins using PHP/MySQL.
The current setup
Currently there are 2 people sharing the same login on a system i have built internally where i work. Due to the nature of the system i dont want them both logging in.
What I have tried
Around 10 articles on stackoverflow and googled for as long as i can.
I also attempted adding a "loggedin" field in the user table which upon logging in was set to 1 and upon logging out was set to 0. Then if the same user credentials where used at login, it would fail.
The problem i had was that if the person who was logged in shut down the browser without logging out properly, it wasnt updating the database. Then i get a phone call from that person and i would have to reset the value to 0 in the database.
This isn't feasible going forward as the product is being rolled out to around 20 people internally soon.
What I need
What i need is to find a way that when the browser closes a script gets executed to update the database. Alternatively a way of reading every current session on the server, which i could manipulate, or something else.
Restrictions
Our hosting providers are awful and subsequently what changes i can make to the server are limited/impossible. The hosting is a shared hosting solution.
回答1:
What i need is to find a way that when the browser closes a script gets executed to update the database.
You can't.
Your best solution may be associating the session ID with the user in the database. If the session ID on the user's computer doesn't match the most recent session ID in the database, make them log in and update the db.
回答2:
perhaps you should flip this around.
the person trying to log in gets a new session, and the new session invalidates any old sessions for the same username (thus logging them out)
this way only one person can be logged in at a time.
回答3:
There is no fool-proof way to do this, by the very nature of HTTP. But if you can deal with some lag time, there is a solution.
The best you could do is have a JS script hit a "keep-alive" script on your server. Do this every 30 seconds or so. If your server hasn't heard from the client within 1 minute, close the session.
回答4:
You can use the "loggedin" field, but adding another field "loggedin_timestamp". Then you check when the user has logged in for the last time.
If it's bigger than session persistence time, you allow him to log in again automatically
回答5:
I have been using the jquery delay time out session script to auto logout them. The script will call back a php script by which we can change the database session out time stamp. So, i think this link will help you. Jquery idle time out
来源:https://stackoverflow.com/questions/6126285/php-stop-concurrent-user-logins