How to prevent multiple logins in mobile applications

If we want to prevent multiple logins with the same credentials in a mobile application, how can we do that? We do not have any sessions on mobile, so can we do it with token-based authentication? Please give me some ideas on how to do this.

I am implementing an Ionic 2 application with Node.js as the back end. I would be very grateful for suggestions. Thank you in advance.

You can save every login connection and, each time a new connection is created, disconnect all previously saved logins.

If you want to restrict multiple logins on the same device and the same application, there are two possible solutions:

1. You can use the device UUID from the Device plugin. The device UUID will be unique. (Don't use the device UUID as an authentication token.) Install it:

$ ionic plugin add cordova-plugin-device

and usage:

import { Device } from 'ionic-native';

console.log('Device UUID is: ' + Device.uuid);
2. On login you can use token-based authentication. Whenever the user logs in, save the token in localStorage, and whenever the app opens (index page), check whether the token is present and still valid; if so, take the user to the dashboard, otherwise to the login page.

If you don't have any sessions, then it's best to utilize tokens.

There's a great Node.JS API project that already implements tokens on Github, which I've forked and used in the past. You could browse this as an example.

Inside of this project, there's a config for the tokens like so:

var mongoose = require('mongoose');
var Schema = mongoose.Schema;

// AccessToken
var AccessToken = new Schema({
    userId: {
        type: String,
        required: true
    },

    clientId: {
        type: String,
        required: true
    },

    token: {
        type: String,
        unique: true,
        required: true
    },

    created: {
        type: Date,
        default: Date.now
    }
});

module.exports  = mongoose.model('AccessToken', AccessToken);

All you would need to do is change the logic to check for the clientId and token for authentication. If the clientId (which is auto-generated each time) is different, then log the user out, forcing them to re-authenticate.

With modern mobile devices, this can easily be done in Javascript with local storage:

var testObject = { 'one': 1, 'two': 2, 'three': 3 };

// Put the object into storage
localStorage.setItem('testObject', JSON.stringify(testObject))…

This allows infinite use on one device, but only ever one device at a time. You could also easily set an expiration on the token as well if you'd like to auto-log out after a period of time.
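
The one-device-at-a-time behaviour described in the answer above, as an added Node.js example (not code from the answer or from the project it links to): each new login overwrites the user's stored token and clientId, so a request carrying the older pair is rejected and that device has to log in again. The in-memory Map standing in for the AccessToken collection, the function names, and the one-hour lifetime are assumptions made for illustration.

```javascript
// Added example: one active login per user, enforced on the server.
// Hypothetical in-memory store; in practice this is the AccessToken collection.
const crypto = require('crypto');

const TOKEN_TTL_MS = 60 * 60 * 1000;  // assumed token lifetime: 1 hour
const activeByUser = new Map();       // userId -> { tokenHash, clientId, created }

// Digest helper so comparisons run on equal-length buffers.
const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest();

// Call after the password check succeeds. Overwriting the user's record
// revokes whatever token an earlier device is still holding.
function issueToken(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  const clientId = crypto.randomBytes(16).toString('hex'); // fresh per login
  // Only a hash of the token is stored, so a leaked store does not leak tokens.
  activeByUser.set(userId, { tokenHash: sha256(token), clientId, created: now });
  return { token, clientId };
}

// Run on every API request. Returns 'ok', or the reason the client must
// be sent back to the login page.
function checkToken(userId, token, clientId, now = Date.now()) {
  const rec = activeByUser.get(userId);
  if (!rec) return 'no-session';
  if (now - rec.created > TOKEN_TTL_MS) {
    activeByUser.delete(userId);
    return 'expired';
  }
  // Constant-time comparison; a mismatch means a newer login replaced this one.
  const tokenOk = crypto.timingSafeEqual(rec.tokenHash, sha256(token));
  const clientOk = crypto.timingSafeEqual(sha256(rec.clientId), sha256(clientId));
  return tokenOk && clientOk ? 'ok' : 'superseded';
}

// Explicit logout removes the record so the token stops working immediately.
function logout(userId) {
  activeByUser.delete(userId);
}
```

The client keeps the returned token and clientId in localStorage and sends both with every request; any result other than 'ok' should clear them and show the login page.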
