
Yii2: logout from all browsers after a user changes password

I want to log out a user from all browsers when he changes his current password. I have put the code into my controller function after saving the new password into the database:

$session = Yii::$app->session;
unset($session['id']);
unset($session['timestamp']);
$session->destroy();

It works only for the browser from which I changed my password, but not for all browsers. I have checked whether the session variable $session['id'] exists or not. I can see it exists in other browsers even after I change my password from a different browser.

Related issue @github/yii2:

User stays authorized despite auth key is changed #9718: https://github.com/yiisoft/yii2/issues/9718

It's certainly possible, using session_id. When the user logs in somewhere else, you can do this step before starting a new session for the new login:

// The hard part: find out what $old_session_id is
$session = Yii::$app->session;
unset($session['old_id']);
unset($session['timestamp']);
$session->destroy();

// Now proceed to create a new session for the new login

This will destroy the old session on the server side, so when the other computer accesses your application again it will try to access a non-existent session and a new one will be created for it (in which the user is not logged in anymore).

The hard part is finding out what is the ID of the "old" session. There's no one-size-fits-all way of doing that; you need to have some mechanism in place to be able to tell that the session with id XXX belongs to the same user who is logging in now. If you are using database sessions this should be easy enough.

I can imagine you could do this by using your own session handling, if you store your sessions in a database.

1- On changing the password you should set a new auth_key.

2- Change \common\model\User

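public static function findIdentity($id) {
    $cookies = Yii::$app->getRequest()->getCookies();
    // Without the identity cookie there is no auth_key to compare, so no identity is returned
    if (!$cookies->has('_identity')) {
        return null;
    }
    // The identity cookie holds a JSON array: [id, auth_key, duration]
    $cookie = json_decode($cookies->getValue('_identity'), true);
    return static::findOne(['id' => $id, 'auth_key' => $cookie[1], 'status' => self::STATUS_ACTIVE]);
}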

"_identity" is the name you previously set for identityCookie in the main config.
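
The database-session approach mentioned in the answers above, as an added example that is not code from the thread or from the Yii project. It assumes the `session` component is `yii\web\DbSession`, that its table has an extra `user_id` column (an assumption, not part of the default schema), and that the user model has `setPassword()` and `generateAuthKey()` as in the Yii2 application templates; the names `$sessionComponent` and `changePasswordAndLogoutEverywhere` are hypothetical.

```php
<?php
// Added example. Assumptions: `session` is yii\web\DbSession, its table has an
// extra indexed `user_id` column, and the user model provides setPassword()
// and generateAuthKey() as in the Yii2 application templates.

// 1) Config fragment for components.session: record the owner of every session row.
$sessionComponent = [
    'class' => 'yii\web\DbSession',
    'writeCallback' => function ($session) {
        return ['user_id' => Yii::$app->user->id]; // null for guests
    },
];

// 2) Call this from the change-password action (hypothetical helper name).
function changePasswordAndLogoutEverywhere(\yii\db\ActiveRecord $user, string $newPassword): bool
{
    $db = Yii::$app->db;
    $transaction = $db->beginTransaction();
    try {
        $user->setPassword($newPassword);
        // A new auth_key makes yii\web\User reject old "remember me" cookies,
        // so other browsers cannot auto-login again after losing their session.
        $user->generateAuthKey();
        if (!$user->save()) {
            $transaction->rollBack();
            return false;
        }
        // Drop every server-side session row that belongs to this user.
        $db->createCommand()
            ->delete(Yii::$app->session->sessionTable, ['user_id' => $user->getPrimaryKey()])
            ->execute();
        $transaction->commit();
    } catch (\Throwable $e) {
        $transaction->rollBack();
        throw $e;
    }
    // The current request still holds its session in memory and would write it
    // back on shutdown; logout() destroys it and clears the identity cookie.
    Yii::$app->user->logout();
    return true;
}
```

Sessions created before the `user_id` column was populated have no owner recorded, so they are not matched by the delete.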
