php - Codeigniter - 如何避免用户多次登录将其 session 存储在数据库中

Question

我正在使用 Codeigniter 开发网络应用程序。

这个应用程序有一个登录页面:我想避免 2 个人在同一时刻使用相同的凭据进入。为此，我想将从函数 session_id() 获得的值存储在我的数据库中。这样，如果用户在数据库中存储了相同的 session_id，我可以 checkin 每个页面，否则他将被注销。这个解决方案似乎有效(我试过使用两个浏览器)但似乎 session_id() 返回的值随着时间的推移而变化。

我错了什么？ session_id() (解释为 here )在整个 session 中没有保持相同的值？

是否存在更好的方法来实现这一点？

提前谢谢你，抱歉我的英语不完美

Answer 1

是的， session 与你登录的地点和时间有关，而不是用户在你的应用程序中多次登录，所以至少我解决了这个问题，考虑到:

1. 用户可以关闭浏览器而不执行“注销功能”
2. 一段时间后，用户可以从另一个浏览器登录
3. 关于config['sess_match_ip']

如何应用这些注意事项:

用户尝试登录，通常是一个发布用户名和密码的表单

function logIn(){
  $user = $this->input->post('username');
  $pass = $this->input->post('pass');
  $autenticated = $this->SomeModelToLogin->logInFunction($user, $pass);
  //It depends on what you prefer but in the function that asks the db
  //if the user, exist, hash the password and whatever set the session
  //if not set it here like "first name", "last name", "data u may need", etc 


}

登录函数

function logInFunction($username, $password){
  //u can save a timestamp on the database when  the user logs in 
  //and u can ask that time like a "last_log_in_time"
  //or also use the session_id, if u are storing the session_id()
  //in your database u can compare that every time the person logs in 
  //or is using your application
  //and well here something like
  $dataReturned = $this->db
   ->query("SELECT * FROM USER where pass = $pass and username=$user");
  $this->session->nameOfTheUser = $dataReturned['name'];
  .....
  $this->session->setOtherStuff = $dataReturned['some_stuff'];
  //of he exist but is he logged in?
  //at some point u are saving the session_id to the row of the user
  //the u can ask to the database 
  $question = $this->db->select()
         ->from('USER')
         ->where('session_id', session_id())
         ->get()->num_rows();
  //now u decide if u want to destroy the session, update it whatever.
 //but u much check this every time the user is using the application 
 // if not he can just set the session and avoid the login page, and well, 
 //he can use the app
 //so try to make an function that check if the session_id matches one on the 
 //database and check it in the constructor if every controller, if it does   
 //not match just 
 /**
  $this->session->unset_userdata();
    $this->session->unset_userdata('is_client_login');
    $this->session->sess_destroy();
    $this->output->set_header("Cache-Control: no-store, no-cache, must- revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
    $this->output->set_header("Pragma: no-cache");
    redirect(base_url());
  */

}

PS:我回家后会编辑答案我知道我没有考虑到一些点、顺序和东西(讨厌手机键盘)