Yii2: logout from all browsers after a user changes password
I want to log out a user from all browsers when he changes his current password. I have put the code into my controller function after saving the new password into the database:
$session = Yii::$app->session;
unset($session['id']);
unset($session['timestamp']);
$session->destroy();
It works only for the browser from where I changed my password, but not for all browsers. I have checked whether the session variable $session['id'] exists or not. I can see it exists in other browsers even after I change my password from a different browser.
Related issue @github/yii2:
User stays authorized despite auth key is changed #9718: https://github.com/yiisoft/yii2/issues/9718
It's certainly possible, using session_id. When the user logs in somewhere else, you can do this step before starting a new session for the new login:
// The hard part: find out what $old_session_id is
$session = Yii::$app->session;
unset($session['old_id']);
unset($session['timestamp']);
$session->destroy();
// Now proceed to create a new session for the new login
This will destroy the old session on the server side, so when the other computer accesses your application again it will try to access a non-existent session and a new one will be created for it (in which the user is not logged in anymore).
The hard part is finding out what is the ID of the "old" session. There's no one-size-fits-all way of doing that; you need to have some mechanism in place to be able to tell that the session with id XXX belongs to the same user who is logging in now. If you are using database sessions this should be easy enough.
I can imagine you could do this by using your own session handling, if you store your sessions in the database.
1- On changing password you should set a new auth_key.
2- Change \common\model\User
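public static function findIdentity($id) {
    // Only resolve the identity when the identity cookie is present
    if (Yii::$app->getRequest()->getCookies()->has('_identity')) {
        // The cookie value is a JSON array; index 1 holds the auth key
        $cookie = json_decode(Yii::$app->getRequest()->getCookies()->get('_identity'), true);
        // A rotated auth_key no longer matches the cookie, so no user is found
        return static::findOne(['id' => $id, 'auth_key' => $cookie[1], 'status' => self::STATUS_ACTIVE]);
    }
    return null; // no identity cookie: no identity is returned
}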
"_identity" is the name you previously set for identityCookie in the main config.
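The two mechanisms from the answers above (database-backed sessions that record which user owns each session, and an auth_key rotated on password change), as an added example that is not part of the original answers. It uses plain PDO with an in-memory SQLite database rather than Yii2's session component; the table, column and function names are assumptions.

```php
<?php
// Added example: schema, function names and demo data are constructed assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, password_hash TEXT, auth_key TEXT)');
$db->exec('CREATE TABLE session (id TEXT PRIMARY KEY, user_id INTEGER, auth_key TEXT)');

function q(PDO $db, string $sql, array $params = []): PDOStatement
{
    $st = $db->prepare($sql);
    $st->execute($params);
    return $st;
}

function login(PDO $db, int $userId): string
{
    // Bind the session row to its owner and to the auth_key valid at login time.
    $sid = bin2hex(random_bytes(16));
    $key = q($db, 'SELECT auth_key FROM user WHERE id = ?', [$userId])->fetchColumn();
    q($db, 'INSERT INTO session (id, user_id, auth_key) VALUES (?, ?, ?)', [$sid, $userId, $key]);
    return $sid;
}

function isAuthenticated(PDO $db, string $sid): bool
{
    // Per-request check: the row must exist AND carry the user's current auth_key.
    $row = q($db, 'SELECT s.auth_key AS sk, u.auth_key AS uk FROM session s
                   JOIN user u ON u.id = s.user_id WHERE s.id = ?', [$sid])->fetch(PDO::FETCH_ASSOC);
    return $row !== false && hash_equals($row['uk'], $row['sk']);
}

function changePassword(PDO $db, int $userId, string $newPassword, string $keepSid): void
{
    $newKey = bin2hex(random_bytes(16));
    $db->beginTransaction();
    q($db, 'UPDATE user SET password_hash = ?, auth_key = ? WHERE id = ?',
        [password_hash($newPassword, PASSWORD_DEFAULT), $newKey, $userId]);
    // Server-side logout: drop the user's other sessions (pass '' to drop all of them).
    q($db, 'DELETE FROM session WHERE user_id = ? AND id <> ?', [$userId, $keepSid]);
    // The browser that changed the password continues under the new key.
    q($db, 'UPDATE session SET auth_key = ? WHERE id = ?', [$newKey, $keepSid]);
    $db->commit();
}

// Constructed demo: one user logged in from two browsers.
q($db, 'INSERT INTO user VALUES (1, ?, ?)', [password_hash('old-pass', PASSWORD_DEFAULT), bin2hex(random_bytes(16))]);
$browserA = login($db, 1);
$browserB = login($db, 1);
changePassword($db, 1, 'new-pass', $browserA);
var_dump(isAuthenticated($db, $browserA), isAuthenticated($db, $browserB));
```

The auth_key comparison in isAuthenticated() is a second line of defence: a session row that escaped deletion still fails the check once the key has been rotated.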