Forbid user to login from two or more Android devices at the same time

Let's say I have an Android app with user login functionality and a PHP-based back-end server. When the user fills in the required fields (name and e-mail, for example) with the corresponding information and presses the "login" button, a request is made to the back-end server. Now let's say the user is successfully logged in.

My question would be: do any commonly used mechanisms/solutions/design patterns similar to web sessions exist between Android apps and the server side, in order to implement functionality like login/logout, preventing users from logging in with the same account at the same time, etc.?

Why use something similar to PHP sessions? Use PHP sessions instead!

```php
session_start();          // start a new session (or resume the current one)
$sess_id = session_id();  // the ID to hand to the client
```

Give this id to your client, and make sure it appears in every request the client application makes to your server.

Here is how you load a session by id:

```php
session_id("your_client_session_id");  // select the session by the ID the client sent
session_start();                       // load that session's data
```

Basically it's the same usage as on the web, except browsers use a cookie to store the session_id.

Then if you are using org.apache.http in your client application, you should be able to use org.apache.http.cookie. This way you can set your PHP_SESSID in a cookie, and your application will automatically send this in every request.

Since different instances of the app presumably authenticate via the same remote service (the PHP backend), it could be part of that implementation to track when an identity has authenticated and from which device. Then you would need a way of tracking how long a user is active in the given sessions (like sending a "ping" from the app at an interval as long as it runs).

Using this information (last login, last ping) it could be exactly determined if an identity has an active session and deny access to subsequent authentication attempts of the same identity.

It's up to the implementation how an active session is defined. It may be active as long as the app runs, as long as the app is in the foreground, as long as the user keeps interacting with it not exceeding a certain idle time threshold, etc. The point is to log and collect information of all sessions on the server side.
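
The last-login / last-ping tracking described in the answer above, as an added example that is not part of the original posts. It defines "active" as "pinged within an idle limit" and refuses a login from a second device while that holds. The class name, the 120-second limit, the in-memory array, and the client-reported device identifier are assumptions made for illustration.

```php
<?php
// Added example; SessionRegistry, IDLE_LIMIT and the in-memory array are hypothetical.
// A real backend would keep this table in a database shared by all PHP workers.
final class SessionRegistry
{
    public const IDLE_LIMIT = 120; // assumed: seconds without a ping before a session is inactive

    /** @var array<string, array{token: string, device: string, last_ping: int}> keyed by user */
    private array $active = [];

    /** Returns a new session token, or null while another device holds an active session. */
    public function login(string $user, string $device, int $now): ?string
    {
        $cur = $this->active[$user] ?? null;
        if ($cur !== null && $cur['device'] !== $device
            && $now - $cur['last_ping'] <= self::IDLE_LIMIT) {
            return null;
        }
        $token = bin2hex(random_bytes(32)); // generated by the server, never chosen by the client
        $this->active[$user] = ['token' => $token, 'device' => $device, 'last_ping' => $now];
        return $token;
    }

    /** Heartbeat: refreshes last_ping only for the live token currently bound to the user. */
    public function ping(string $user, string $token, int $now): bool
    {
        $cur = $this->active[$user] ?? null;
        if ($cur === null || !hash_equals($cur['token'], $token)
            || $now - $cur['last_ping'] > self::IDLE_LIMIT) {
            return false;
        }
        $this->active[$user]['last_ping'] = $now;
        return true;
    }

    /** Logout frees the slot immediately instead of waiting for the idle timeout. */
    public function logout(string $user, string $token): void
    {
        if (hash_equals($this->active[$user]['token'] ?? '', $token)) {
            unset($this->active[$user]);
        }
    }
}

// Constructed timeline in seconds (not real traffic).
$reg = new SessionRegistry();
$tokenA = $reg->login('alice', 'phone-A', 0);
var_dump($reg->login('alice', 'phone-B', 30));  // second device while phone-A is active
var_dump($reg->ping('alice', $tokenA, 60));     // heartbeat from phone-A
var_dump($reg->login('alice', 'phone-B', 300) !== null); // phone-A idle past IDLE_LIMIT
```

Because the token is bound to the user record on the server, a login that replaces an idle session also invalidates the old device's token on its next ping.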
