duanping6698 2014-10-14 12:04
浏览 67

从远程服务器删除memcache会话

I need to limit only one login in that way, so that user can't login using one account multiple times at once. Also user can be logged on a different server, so I can't use session_destroy, I need to delete session "manually".

When using session with file storage it works fine, I delete file, login new user all works great. However when I use sessions with memcache, I can delete session from memcache, but further login in the same request is lost.

This is how I do it:

session_regenerate_id();
$session_id = session_id(); 

$m = new Memcache();
$m->connect('XXX.XXX.XXX.XXX', 11211);

$ans = $m->delete(SESSION_ID_OF_ALREADY_LOGGED_USER);

$query = "UPDATE activeLogins SET activeSession = '{$session_id}' WHERE userEmail = $safeEmail LIMIT 1";
$dbh->exec($query);

//Login new user...

Any idea what may be wrong?

  • 写回答

1条回答 默认 最新

  • duanchi0883649 2014-10-20 13:56
    关注

    Check the session id against what's stored in the database

    As I understand it you want to restrict one user to one client machine. And that machine should be the last one that was logged into. I think you should be able to achieve this with a simple check on each page load.

    From your question I can see that your database has a table called activeLogins containing at leat these fields: activeSession and userEmail.

    From this I assume that it is the email address that uniquely identifies the user. So after a new login you have a $session_id, $safeEmail and the corresponding updated row in activeLogins table.

    Now suppose the user didn't log out of an old machine? What will happen on the next page load there (before you update the activeLogins table)? Right, the activeSession will be different from the $session_id on that server. Remember that the new login changed it.

    So all you need to do is check whether the $session_id matches the activeSession in the activeLogins table.

    I also would suggest to only update the activeLogins table after a new login, and not on each page load. Although it is not clear from your question whether or not you do this.

    I'm not sure whether this does actually answer your question. It seems such a simple answer. However you question is not very clear. Are you really using the code you show us in that order on each page load?!

    In response to all your answers I've looked for the best way to push notifications from the server to the client machine. One method you've mentioned yourself is ajax polling, but I think this is a bad practice and should not be used.

    There is Ratchet (http://socketo.me) it gives you a continueous connection. You can simply remove the connection when another login is detected and react to that in the old client.

    There's also a higher level interface for sending events from the server to a client:

    https://developer.mozilla.org/en-US/docs/Server-sent_events/Using_server-sent_events

    But that's not supported in IE, so it is not generally usable.

    You can also have a look at http://pusher.com

    The point of all these suggestions is that you can efficiently push out a signal to a client, indicating that it should remove access to the site you're serving, without constantly polling.

    评论

报告相同问题?

悬赏问题

  • ¥20 求个正点原子stm32f407开发版的贪吃蛇游戏
  • ¥15 正弦信号发生器串并联电路电阻无法保持同步怎么办
  • ¥15 划分vlan后,链路不通了?
  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据
  • ¥15 个人网站被恶意大量访问,怎么办
  • ¥15 Vue3 大型图片数据拖动排序
  • ¥15 Centos / PETGEM
  • ¥15 划分vlan后不通了
  • ¥20 用雷电模拟器安装百达屋apk一直闪退
  • ¥15 算能科技20240506咨询(拒绝大模型回答)