java 如果用户在相同或不同的浏览器上再次登录,如何注销用户的先前会话
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1416732/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to logout previous session of a user,if he logins again on same or different browser
提问by James Black
I have a query, I want that if a user is already logged in to a web page and again he Relogins from same or different machine then his previous session should be killed and automatically he gets log out to main page. I'm using jquery at client side and servlets at backend. I'm using tomcat 6 as web server and jdk1.6 compiler. I just want as yahoo does, if a user is lodged in from some machine and next time he again logs in from some other or same machine he gets logs out automatically from previos session and is redirected to main page. Please tell how can i implement that.
我有一个查询,我希望如果用户已经登录到一个网页,然后他再次从同一台或不同的机器重新登录,那么他之前的会话应该被终止,并且他会自动退出到主页。我在客户端使用 jquery,在后端使用 servlet。我使用 tomcat 6 作为 web 服务器和 jdk1.6 编译器。我只是想像雅虎一样,如果用户是从某台机器登录的,下次他再次从其他或同一台机器登录时,他会自动从以前的会话中注销并重定向到主页。请告诉我如何实施。
回答by Extrakun
Here is my really contrived method for detecting different machine logins
这是我真正人为的检测不同机器登录的方法
When the user logs in, generate a hash key for him, store it in his session, and in the database. The database only stores one the hashkey for the user (it's not a history of login)
Whenever the user accesses a page, check that the hash key in the session matches the one in the database
If it matches,all is well.
If it does not matches, it is not from the same machine; because if the user logins elsewhere, a new hashkey would be generated and would replace the one in the database.
当用户登录时,为他生成一个散列密钥,将其存储在他的会话和数据库中。数据库只为用户存储一个哈希键(它不是登录历史)
每当用户访问页面时,检查会话中的哈希键是否与数据库中的哈希键匹配
如果匹配,一切都很好。
如果不匹配,则不是来自同一台机器;因为如果用户在其他地方登录,则会生成一个新的哈希键并替换数据库中的哈希键。
4a. Tell the user on the original machine that 'You have been logged into somewhere else' and unset all the session there (that is, log him out). But that is only on the next page refresh - which can be avoided if you use AJAX
4a. 告诉原始机器上的用户“您已登录到其他地方”并取消设置那里的所有会话(即,将他注销)。但这只是在下一页刷新时 - 如果您使用 AJAX,则可以避免这种情况
As for same login - if the user tries to login into the site while he is already logged in, just display a message that he's already logged in? What's the intent of flushing the session data if he logs in again (are we talking about the same user logging into the same site on the same machine here?)
至于相同的登录 - 如果用户在他已经登录的情况下尝试登录该站点,只显示一条他已经登录的消息?如果他再次登录,刷新会话数据的意图是什么(我们在这里谈论的是同一用户登录同一台机器上的同一站点吗?)
回答by James Black
If you attach a session id to a user id, then when you create a new session id, it will replace the current session id, and when you check for the valid session id, you will see that the old one is not longer found, so your application would tell them that they have been logged out.
如果你给一个用户id附加一个session id,那么当你创建一个新的session id时,它会替换当前的session id,当你检查有效的session id时,你会发现旧的已经找不到了,所以你的应用程序会告诉他们他们已被注销。
If you want to keep track of the session id, then just have a valid flag that is unique between the userid and valid flag, so each user only has one valid session at a time.
如果您想跟踪会话 id,那么只需在 userid 和 valid 标志之间设置一个唯一的有效标志,这样每个用户一次只能有一个有效的会话。
If you see that they have a second session id then you can let them know that they were logged out of the first session due to logging into the new session.
如果您看到他们有第二个会话 ID,那么您可以让他们知道由于登录新会话,他们已退出第一个会话。
回答by lubos hasko
When user logs in again, simply generate new session ID and previous one will become invalid.
当用户再次登录时,只需生成新的会话 ID,之前的会话 ID 将失效。
