限制同时连接到同一用户帐户的数量

Question

I have been hired to work on an existing site built in Laravel, which is a platform for real estate agents.

There are two account types - the cheap "individual agent" account and the more expensive "enterprise" account which is meant to be used by real estate agencies.

Everything is generally working well, however it has come to my client's attention that some real estate agencies are exploiting the system by having one person sign up for an individual account and then handing out the username/password to all their employees, sometimes 30 or 40 of them.

This is cheating because the "enterprise" account type exists specifically for this purpose.

My question - is it possible to limit the number of simultaneous logins to the same account? For example, I would like to set the maximum number of concurrent sessions for an individual-type account to 2. Then, if a 3rd login to the same account is attempted, it is declined by the website with an appropriate message.

I've been looking for solutions online, however they are either based on IP checks or some convoluted Apache/nginx config which I don't think applies to this case. Note that the users may or may not be logging in from the same IP, so any IP-based checks are useless in this case.

I am primarily looking for a solution native to PHP/Laravel, if not possible then please feel free to suggest any alternatives.

Answer 1

Did you try to extend the sendLoginResponse method inside the LoginController? Do you have different models for your users? or are you using only the User Model with attributes? You could do something similar to this over here: https://laracasts.com/discuss/channels/laravel/restricting-user-to-one-session-laravel-53 I wanted to write a comment, not an answer but I'm still not able to. I'll help if you give me more information.