问题
How can I prevent a logged-In member from logging into their account (in a new tab or different device) without logging out of their existing session ?
I am working on a client job-board website where logged-in employers can submit a single Job Vacancy via the post_job.php page. The problem is they can Login again from a new tab or device without logging out and post more than their permitted single job posting. What would be the easiest way of preventing employers from doing this ?
I am a comparative newbie and everything I have read so far assumes I am not. So any answers in simple jargon-free terms will be greatly appreciated.
回答1:
Take a look at this it protect you from Cross-Site Request Forgery and you can check if user had logged in. Try: save csrf token to db, then check if users token same that in db... If not: unset cookie and session for this user and return him to Sign In page; If yes: do your stuff
回答2:
You could save the name of the user in his session on his first login. Then, in your login routine, you could check if you have a session with that username. If yes, you know that the user tries to login twice.
回答3:
To do this you need a field in users table example is_login as tiny int (1 or 0). When you the user logs in first time you set the is_login 1. And on every attempt to login when you check username(email) you also check for is_login. If it is 1 you don't login user but output an error message. When te user logs out you set is_login 0.
回答4:
Depending on your Cookie and Session variables, you can compare the two to keep multiple open logins.
if($_SESSION['<username>']==$_COOKIE['<username>'] && $_COOKIE['<id>']!= $_SESSION['<id>']) {
//deny access or log out prior session and delete prior requests
}
来源:https://stackoverflow.com/questions/43215735/how-to-prevent-multiple-logins-from-same-user