问题
I am developing secure login system with php. I want to prevent multiple login for user with same username and password. With my script user can login on account from different browsers or from different IP with same username and password. I need to add some column on my database. When user logged in field becomes 1, and account is locked, when user logged out account is unlocked. But what if user close the browser without logout?
回答1:
You can set a random salt on login and store it in the database and in a cookie in the user.
On each login you will generate a new random salt and store it in the database (replacing the previous value) and in a cookie for the current user.
For each action on your site you will check not only for the session but for the salt too - if the salt in the user session is different for the current user - that means somebody logged-on after him with the same credentials and you will invalidate the current session. That way you will have the required functionality and you will not have trouble with users not logging out because each time a user logs in it will invalidate all other users logged-in with the same credentials.
来源:https://stackoverflow.com/questions/23565413/how-to-prevent-multiple-user-login-with-same-user-name-and-password