Codeigniter - How to avoid multiple login of a user storing his session in database
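I am developing a web application using Codeigniter.
This application has a login page: I want to prevent two people from logging in at the same time with the same credentials. To do this, I thought of storing the value obtained from the function session_id() in the database. This way, on every page I can check whether the user has the same session_id stored in the database and, if not, log them out. This solution seems to work (I tried it with two browsers), but it seems that the value returned by session_id() changes over time.
Am I wrong? Does session_id() (explained here) keep the same value throughout the whole session?
Is there a better way to achieve this?
Thanks in advance, and sorry for my imperfect English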
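Yes, the session is related to when and where you logged in; it has nothing to do with whether the user is logged in several times in your application. So here is at least one consideration I can think of to solve this: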
config['sess_match_ip']
How to apply these considerations:
The user tries to log in, usually through a form that posts the username and password
function logIn(){
    $user = $this->input->post('username');
    $pass = $this->input->post('pass');
    $authenticated = $this->SomeModelToLogin->logInFunction($user, $pass);
    // It depends on what you prefer, but in the function that asks the db
    // whether the user exists, hash the password and so on, set the session;
    // if not, set it here, like "first name", "last name", "data you may need", etc.
}
The login function
function logInFunction($username, $password){
    // you can save a timestamp in the database when the user logs in
    // and you can ask for that time, like a "last_log_in_time",
    // or also use the session_id; if you are storing the session_id()
    // in your database you can compare it every time the person logs in
    // or is using your application
    // and, well, here something like
    // (bound parameters, not user input interpolated into the SQL string)
    $dataReturned = $this->db
        ->query("SELECT * FROM USER WHERE pass = ? AND username = ?",
                array($password, $username))
        ->row_array();
    if (empty($dataReturned)) {
        return FALSE; // no matching user
    }
    $this->session->nameOfTheUser = $dataReturned['name'];
    // .....
    $this->session->setOtherStuff = $dataReturned['some_stuff'];
    // ok, he exists, but is he logged in?
    // at some point you are saving the session_id to the row of the user,
    // then you can ask the database
    $question = $this->db->select()
        ->from('USER')
        ->where('session_id', session_id())
        ->get()->num_rows();
    // now you decide if you want to destroy the session, update it, whatever.
    // but you must check this every time the user is using the application;
    // if not, he can just set the session and avoid the login page, and, well,
    // he can use the app
    // so try to make a function that checks if the session_id matches one in the
    // database and check it in the constructor of every controller; if it does
    // not match, just
    /**
    $this->session->unset_userdata();
    $this->session->unset_userdata('is_client_login');
    $this->session->sess_destroy();
    $this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
    $this->output->set_header("Pragma: no-cache");
    redirect(base_url());
    */
}
PS: When I get home I will edit the answer; I know I am not considering some points, commands and stuff (nasty phone keyboard)
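An added example, not part of the original answer: the per-request check the answer describes, written in framework-free PHP so it runs from the command line. It stores a random per-login token instead of session_id(), so the check keeps working if the session ID is regenerated. The `user` table, its columns, the sample account and the arrays standing in for session data are assumptions.

```php
<?php
// Added example: one active login per account, keyed on a random per-login
// token. Table/column names and the sample account are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           pass_hash TEXT, login_token TEXT)');
$db->prepare('INSERT INTO user (username, pass_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Verify credentials, then record a fresh token in both the user row and the
// caller's session data. A later login overwrites the token in the row.
function logIn(PDO $db, array &$session, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id, pass_hash FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['pass_hash'])) {
        return false;
    }
    $token = bin2hex(random_bytes(32));
    $db->prepare('UPDATE user SET login_token = ? WHERE id = ?')
       ->execute([$token, $row['id']]);
    $session = ['user_id' => $row['id'], 'login_token' => $token];
    return true;
}

// Per-request check (the answer's "constructor of every controller" step).
function isCurrentLogin(PDO $db, array &$session): bool
{
    if (!isset($session['user_id'], $session['login_token'])) {
        return false;
    }
    $stmt = $db->prepare('SELECT login_token FROM user WHERE id = ?');
    $stmt->execute([$session['user_id']]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored) || !hash_equals($stored, $session['login_token'])) {
        $session = [];   // superseded or unknown login: drop the session data
        return false;
    }
    return true;
}
// Two browsers modelled as two session arrays: A logs in, then B logs in with
// the same account, after which A's next request is rejected and B's passes.
$browserA = []; $browserB = [];
var_dump(logIn($db, $browserA, 'alice', 'correct horse'));
var_dump(isCurrentLogin($db, $browserA));
var_dump(logIn($db, $browserB, 'alice', 'correct horse'));
var_dump(isCurrentLogin($db, $browserA), isCurrentLogin($db, $browserB));
```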