堆栈内存溢出
  简体   繁体   English

如何限制登录用户使用其他浏览器/选项卡再次登录?

[英]How can I restrict logged in user from logging in again using another browser/tab?

 原文  2019-03-14 18:40:33       javascript/ node.js/ reactjs/ react-redux/ amazon-cognito

问题描述

I am using reactjs with nodejs and redux to authenticate and keep track of if user is authenticated or not (for routes). 我正在使用reactjs与nodejs和redux进行身份验证,并跟踪用户是否经过身份验证(对于路由)。 I am using aws cognito for user authentication. 我正在使用aws cognito进行用户身份验证。

What does the app do: it basically takes a file from user and uploads to s3 bucket. 该应用程序做了什么:它基本上从用户获取文件并上传到s3存储桶。

What I want to accomplish: I want to restrict the user from opening a 2nd tab (in chrome for example) and logging in again. 我想要完成的任务:我想限制用户打开第二个选项卡(例如在chrome中)并再次登录。 Currently I don't have a logout button, but if they refresh their current tab, they will be logged out and will have to log in again - reason for this is, we don't need to persist the login. 目前我没有注销按钮,但是如果他们刷新当前选项卡,他们将被注销并且必须再次登录 - 原因是,我们不需要保持登录。

In addition to this, ideally we would like to restrict the user from opening say another browser and logging in. 除此之外,理想情况下,我们希望限制用户打开其他浏览器并登录。

Is there way to restrict this? 有没有办法限制这个?

1 个解决方案

解决方案1
 0  2019-03-14 19:06:23

If you need only 1 session to be active of one particular user. 如果您只需要一个会话就可以激活一个特定用户。

  • on login you need generate JWT Token or some access key which is used during all API calls (AWS operation etc.) 登录时,您需要生成JWT令牌或一些在所有API调用(AWS操作等)期间使用的访问密钥。
  • on second login, you need to invalidate previous JWT Token/access token 在第二次登录时,您需要使先前的JWT令牌/访问令牌无效
  • this way even if user login in the second tab, the first tab will be disconnected, as the first tab is using old access token (which is now invalidated), and the 2nd tab has latest access token. 这样,即使用户在第二个选项卡中登录,第一个选项卡也将断开连接,因为第一个选项卡使用旧的访问令牌(现在无效),第二个选项卡具有最新的访问令牌。

Another approach: 另一种方法:

  • you need to have presence system. 您需要具有状态系统。 When you can tell which user is offline, which is online. 您何时可以分辨出哪个用户离线,哪个在线。
  • on the server you prohibit logins to the user, who is already online 在服务器上,您禁止登录到已经在线的用户
  • user becomes offline by closing tab or by disconnecting from the internet 用户可以通过关闭标签页或断开与互联网的连接来脱机
  • you still need some JWT tokens or other access tokens you give on every login, and invalidate old tokens 您仍然需要在每次登录时提供一些JWT令牌或其他访问令牌,并使旧令牌无效
  • you can create presence system with Firebase from Google. 您可以使用Google的Firebase创建状态系统。 Maybe other systems. 也许其他系统。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何检查用户是在一个选项卡上登录该站点而不是在同一浏览器中的另一个选项卡上? - How can you check if a user is logged into the site on one tab but not on another tab from the same browser? 如何使用Java将会话限制为单个浏览器选项卡 - How can I use Java to restrict the session to a single browser tab 使用 Asp.Net Core,如何将视图作为新的浏览器选项卡打开,然后稍后再关闭 - Using Asp.Net Core, how can I open a view as a new browser tab, and then close it again later 我们如何限制/限制用户使用javascript重新加载页面或浏览器向后或向前 - How can we constraint/restrict the user from page reloading or browser back or forward using javascript 如何使用Javascript刷新另一个选项卡 - How can I refresh a tab from another using Javascript 如何从另一个标签中选择浏览器标签? - How to select a browser tab from another tab? 如果已经使用 Reactjs 登录,如何限制用户显示登录页面 - How to restrict user to display login page if already logged in using Reactjs 如何在收到用户确认后关闭浏览器标签? - How can I close a tab of browser after getting confirmation from user? 我怎么知道用户关闭html标签或浏览器? - How can I know the user closes tab or browser in html? 限制用户访问页面而不使用javascript登录 - Restrict user from visiting a page without logging in using javascript
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM