
Invalidate a user session in one browser when the user logs in in another browser?

We have a web application which uses Struts 2, Spring and Hibernate.

Currently a user using two different browsers (IE and FF) can log in to the same account at the same time.

Now, when you hit the login button, we need to invalidate all other logins for that account.

e.g. A user logs in to an account on Firefox. The same user logs in to the same account in IE. In this case, when he logs in in IE, his session in Firefox needs to be invalidated.

Is there any way we can do this?

Please help.

If you keep track of which user logged in in which session then yes, I think it can be done. You already have his identity; now on each login you go through your list of all currently logged-in users and their sessions (kept in whatever data structure you like, i.e. a static hash map (I know statics are bad :-), but they are also useful at times)) and invalidate his previous session.

You sit on the server, you have the power to organize sessions as you like.

Agree with Tomasz Stanczak.. But be sure to check the IP address through which the account is getting logged in for the second time. Else, there are high chances of logging out the original user for an intruder to log in :-)

In my opinion, I would go with asking the user to log out from the other place (say IE) before he logs in here (say FF). Take a look at the feature that Gmail has (bottom of the page - Account activity): you can sign out all other sessions from one place.
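An added example (not code from the question or from any of the answers) of the registry approach described in the first answer, combined with the "sign out all other sessions" action mentioned in the Gmail comparison above: a servlet HttpSessionListener keeps the live sessions of each account in a static map, and a login (or an explicit "sign out everywhere else" click) invalidates every other session of that account. The class, method and attribute names, the `javax.servlet` package an application of that era would use, and the Servlet 3.1 `changeSessionId()` call are assumptions; registering the listener in web.xml and calling `registerLogin` from the login action are left to the application.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Registry of live sessions per account; register it as a listener in web.xml (assumed wiring). */
public class AccountSessionRegistry implements HttpSessionListener {

    /** Assumed name of the session attribute in which the application stores the account name. */
    static final String ACCOUNT_ATTR = "accountName";

    // account -> live sessions of that account. Static so every request thread in this
    // JVM shares it; it does not span a cluster or survive a redeploy (see the note below).
    private static final Map<String, Set<HttpSession>> ACTIVE = new ConcurrentHashMap<>();

    /**
     * Call once the credentials have been verified. With singleSession == true every other
     * session of the account is invalidated; returns how many were signed out.
     */
    public static int registerLogin(HttpServletRequest request, String account, boolean singleSession) {
        HttpSession session = request.getSession(true);
        request.changeSessionId();          // Servlet 3.1+: fresh id on login defeats session fixation
        session.setAttribute(ACCOUNT_ATTR, account);
        ACTIVE.computeIfAbsent(account,
                k -> Collections.newSetFromMap(new ConcurrentHashMap<HttpSession, Boolean>()))
              .add(session);
        return singleSession ? signOutOthers(account, session) : 0;
    }

    /** The Gmail-style "sign out all other sessions" action: keep one session, drop the rest. */
    public static int signOutOthers(String account, HttpSession keep) {
        Set<HttpSession> sessions = ACTIVE.get(account);
        if (sessions == null) return 0;
        int signedOut = 0;
        // Iterate over a snapshot: invalidate() fires sessionDestroyed, which edits the set.
        for (HttpSession other : new ArrayList<>(sessions)) {
            if (other == keep) continue;
            try {
                other.invalidate();
                signedOut++;
            } catch (IllegalStateException alreadyInvalid) {
                sessions.remove(other);     // timed out between snapshot and invalidate()
            }
        }
        return signedOut;
    }

    /** Number of sessions currently logged in to the account (what an "Account activity" page shows). */
    public static int liveSessionCount(String account) {
        Set<HttpSession> sessions = ACTIVE.get(account);
        return sessions == null ? 0 : sessions.size();
    }

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        // Nothing to track until the session logs in.
    }

    /** Fired by the container on invalidate() and on timeout, so the registry never leaks sessions. */
    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession gone = event.getSession();
        for (Map.Entry<String, Set<HttpSession>> entry : ACTIVE.entrySet()) {
            Set<HttpSession> sessions = entry.getValue();
            if (sessions.remove(gone) && sessions.isEmpty()) {
                ACTIVE.remove(entry.getKey(), sessions);   // only if still the same empty set
            }
        }
    }
}
```

Two practical points. First, holding HttpSession references in a static map only works within one JVM; on a cluster, or to survive a redeploy, the per-account random value that the last answer describes (stored with the account record) is the better design. Spring Security ships the same policy out of the box as concurrent session control (`http.sessionManagement().maximumSessions(1)` in its Java configuration, backed by its own SessionRegistry), which is worth preferring over hand-written code if Spring Security is already in the stack. Second, checking the client IP address, as suggested above, is unreliable (NAT, mobile carriers and proxies change or share addresses) and does not stop an intruder who already holds the password; recording the login event and notifying the account holder that a new login ended their other session is the more useful control.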

The key is "same account". I would never do this if the user logs in to different accounts from more than one browser.

When the user logs in, take a random value for a session variable, associated with the account. If the session's value is a different value than this one, then it's not a valid session.
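The random-value approach of the last answer, as an added example that is not part of the original thread: on login a fresh token is minted, stored with the account and copied into the session; a servlet filter compares the two on every request, so the older browser's session is rejected and invalidated the next time it is used. Nothing has to hold HttpSession references, so this also works when the application runs on several servers, provided the token lives in the shared account record. The in-memory map standing in for that record (a column on the Hibernate entity in the real application), the attribute names and the `/login` redirect path are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Rejects any session whose login token is no longer the account's current one. Map it to /* in web.xml. */
public class LoginTokenFilter implements Filter {

    static final String ACCOUNT_ATTR = "accountName";   // assumed session attribute names
    static final String TOKEN_ATTR = "loginToken";
    static final String LOGIN_PATH = "/login";           // assumed login page path

    // Stand-in for the per-account column the token would live in; a shared database row is
    // what lets several application servers agree on which login is the current one.
    static final Map<String, String> CURRENT_TOKEN_BY_ACCOUNT = new ConcurrentHashMap<>();
    private static final SecureRandom RANDOM = new SecureRandom();

    /** On successful login: mint a fresh token, record it for the account, stash it in this session. */
    public static String issueToken(String account, HttpSession session) {
        byte[] raw = new byte[32];                       // 256 bits from a CSPRNG, unguessable
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        CURRENT_TOKEN_BY_ACCOUNT.put(account, token);    // UPDATE of the account row in the real app
        session.setAttribute(ACCOUNT_ATTR, account);
        session.setAttribute(TOKEN_ATTR, token);
        return token;                                    // every older session now holds a stale token
    }

    /** True only if the session holds the token most recently issued for its account. */
    public static boolean isCurrent(HttpSession session) {
        if (session == null) return false;
        Object account = session.getAttribute(ACCOUNT_ATTR);
        Object token = session.getAttribute(TOKEN_ATTR);
        if (account == null || token == null) return false;
        String current = CURRENT_TOKEN_BY_ACCOUNT.get(account.toString());
        if (current == null) return false;
        // Constant-time comparison so a mismatch position cannot be inferred from timing.
        return MessageDigest.isEqual(current.getBytes(StandardCharsets.UTF_8),
                                     token.toString().getBytes(StandardCharsets.UTF_8));
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(ACCOUNT_ATTR) != null;
        if (loggedIn && !isCurrent(session)) {
            // This login was superseded by a newer one in another browser: end it here.
            session.invalidate();
            response.sendRedirect(request.getContextPath() + LOGIN_PATH + "?reason=superseded");
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig config) {
        // No configuration needed.
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

The token comparison also gives the "sign out all other sessions" behaviour for free: re-issuing the token from the current session leaves every other session stale. Because the stale session is only noticed on its next request, a server-side operation already running in the old browser's session is not interrupted; if that matters, pair this with the registry approach so the old session is invalidated at login time as well.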
