
How to do Rate limit for non-logged in user?

    public function behaviors()
    {
        return [
            'rateLimiter' => [
                'class' => \yii\filters\RateLimiter::className(),
                'enableRateLimitHeaders' => false,
            ],
        ];
    }

    public function getRateLimit($request, $action)
    {
        // 6 - the count
        // 10 - seconds
        return [6, 10];
    }

    public function loadAllowance($request, $action)
    {
        return [$this->allowance, $this->allowance_updated_at];
    }

    /**
     * The method will save to the cache
     * @param \yii\web\Request $request
     * @param \yii\base\Action $action
     * @param int $allowance
     * @param int $timestamp
     */
    public function saveAllowance($request, $action, $allowance, $timestamp)
    {
        $this->allowance = $allowance;
        $this->allowance_updated_at = $timestamp;
        $this->save();
    }

The point is that logging is happening with Android application without using session. Just sent in the response token which is the id of the logged-in user.

  1. You can take the help of cookies, I'm not sure how cookies work in Android apps. You can opt for temporary files.

  2. You can log the IP of the non-logged-in user and keep it in your database as long as you want to keep the limit.

However, users can bypass the limit if you implement it in either of the above ways, by deleting cookies/temporary files or IP.
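An added example, not part of the original question or answer: one way to apply option 2 with Yii2's own filter is to hand `RateLimiter` an object that implements `RateLimitInterface` and keys the allowance on the client IP. The class name `IpRateLimiter`, its namespace and the cache key prefix are hypothetical, and a configured `cache` application component is assumed.

```php
<?php
namespace app\components; // hypothetical namespace

use Yii;
use yii\filters\RateLimitInterface;

/**
 * Rate-limit identity for anonymous clients: keyed by client IP and stored
 * in the application cache instead of a column on the user record.
 */
class IpRateLimiter implements RateLimitInterface
{
    const LIMIT = 6;   // requests allowed ...
    const WINDOW = 10; // ... per this many seconds (values from the question)

    private function key($request)
    {
        // Hash the address so IPv6 literals never end up raw in a cache key.
        return 'rate:ip:' . sha1((string) $request->getUserIP());
    }

    public function getRateLimit($request, $action)
    {
        return [self::LIMIT, self::WINDOW];
    }

    public function loadAllowance($request, $action)
    {
        $state = Yii::$app->cache->get($this->key($request));
        // No entry yet (or it expired): start with a full allowance.
        return is_array($state) ? $state : [self::LIMIT, time()];
    }

    public function saveAllowance($request, $action, $allowance, $timestamp)
    {
        // After WINDOW idle seconds the allowance has refilled to LIMIT,
        // so letting the entry expire then is equivalent to keeping it.
        Yii::$app->cache->set($this->key($request), [$allowance, $timestamp], self::WINDOW);
    }
}

// Controller behaviors(): pass the object as the filter's `user`, so the
// filter does not need a logged-in identity.
// 'rateLimiter' => [
//     'class' => \yii\filters\RateLimiter::class,
//     'user' => new \app\components\IpRateLimiter(),
// ],
```

Behind a reverse proxy `getUserIP()` returns the proxy's address unless the request component's `trustedHosts` is configured, and clients that share one NAT address share one allowance.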
