Codeigniter-如何避免用戶的多次登錄將其會話存儲在數據庫中

Question

我正在使用Codeigniter開發一個Web應用程序。

這個應用程序有一個登錄頁面：我想避免兩個人在同一時間以相同的憑據輸入。 為此，我認為將從函數session_id（）獲得的值存儲在數據庫中。 這樣，我可以在每個頁面中檢入用戶是否具有存儲在數據庫中的相同session_id，否則，將其注銷。 該解決方案似乎有效（我嘗試使用兩個瀏覽器），但似乎session_id（）返回的值會隨着時間變化。

我在冤wrong嗎？ session_id（）（ 在此處解釋）在整個會話中是否保持相同的值？

是否存在更好的方法來實現這一目標？

在此先感謝您，對不起我的英語不完美

Answer 1

是的，會話與您登錄的時間和地點有關，如果用戶在ur應用程序中登錄了幾次，則與會話無關，因此至少考慮到我可以解決此問題的一種方式：

1. 用戶只能關閉瀏覽器，而從不執行“注銷功能”
2. 一段時間后，用戶可以從其他瀏覽器登錄
3. 怎么樣config['sess_match_ip']

如何應用這些注意事項：

用戶嘗試登錄通常是發布用戶名和密碼的表單

function logIn(){
  $user = $this->input->post('username');
  $pass = $this->input->post('pass');
  $autenticated = $this->SomeModelToLogin->logInFunction($user, $pass);
  //It depends on what you prefer but in the function that asks the db
  //if the user, exist, hash the password and whatever set the session
  //if not set it here like "first name", "last name", "data u may need", etc 


}

登錄功能

function logInFunction($username, $password){
  //u can save a timestamp on the database when  the user logs in 
  //and u can ask that time like a "last_log_in_time"
  //or also use the session_id, if u are storing the session_id()
  //in your database u can compare that every time the person logs in 
  //or is using your application
  //and well here something like
  $dataReturned = $this->db
   ->query("SELECT * FROM USER where pass = $pass and username=$user");
  $this->session->nameOfTheUser = $dataReturned['name'];
  .....
  $this->session->setOtherStuff = $dataReturned['some_stuff'];
  //of he exist but is he logged in?
  //at some point u are saving the session_id to the row of the user
  //the u can ask to the database 
  $question = $this->db->select()
         ->from('USER')
         ->where('session_id', session_id())
         ->get()->num_rows();
  //now u decide if u want to destroy the session, update it whatever.
 //but u much check this every time the user is using the application 
 // if not he can just set the session and avoid the login page, and well, 
 //he can use the app
 //so try to make an function that check if the session_id matches one on the 
 //database and check it in the constructor if every controller, if it does   
 //not match just 
 /**
  $this->session->unset_userdata();
    $this->session->unset_userdata('is_client_login');
    $this->session->sess_destroy();
    $this->output->set_header("Cache-Control: no-store, no-cache, must- revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
    $this->output->set_header("Pragma: no-cache");
    redirect(base_url());
  */

}

PS：回到家時，我將編輯答案，我知道我沒有考慮某些要點，命令和內容（討厭的手機鍵盤）