禁止Laravel同一用户多次登录

webeditor 的个人博客 / 9 / 0 / 创建于 3年前 / 更新于 3年前

在本文中，我将展示如何防止在Laravel中多次登录相同凭据。我正在Laravel 8上进行测试。此方法在大多数Laravel版本中都适用。我们将使用Firebase保持用户会话。

步骤

创建Firebase项目
修改用户表
修改登录控制器
修改应用布局视图

创建Firebase项目

首先，创建一个Firebase项目并获取Web的Firebase凭据。

修改用户表

php artisan make:migration add_session_id_to_users_table

转到该数据迁移文件，并进行修改，添加 session_id 字段

public function up()
{
    Schema::create('users', function (Blueprint $table) {
        $table->id();
        $table->string('name');
        $table->string('email')->unique();
        $table->timestamp('email_verified_at')->nullable();
        $table->string('password');
        $table->string('session_id')->nullable(); // our field
        $table->rememberToken();
        $table->timestamps();
    });
}

现在执行迁移

php artisan migrate

修改登录控制器

转到app/Http/Controllers/Livewire/Auth并打开Login.php

public function authenticate()
{
    $this->validate();

    if (!Auth::attempt(['email' => $this->email, 'password' => $this->password], $this->remember)) {
        $this->addError('email', trans('auth.failed'));
        return;
    }
    $new_session_id = \Session::getId(); //get new session_id after user sign in
    $user = Auth::user();
    if ($user->session_id != '') {
        $last_session = \Session::getHandler()->read($user->session_id);
        if ($last_session) {
            if (\Session::getHandler()->destroy($user->session_id)) {
            }
        }
    }
    User::where('id', $user->id)->update(['session_id' => $new_session_id]);
    $user = auth()->guard('web')->user();
    return redirect()->intended(route('user.index'));
}

转到app/Http/Controllers/Auth并打开LogoutController.php

public function __invoke(): RedirectResponse
{
    \Session::flush();
    Auth::logout();

    return redirect(route('home'));
}

修改应用布局视图

转到resources/views/layouts并打开app.blade.php , 然后从Firebase复制代码，并粘贴到</body>标记之前。

<script src="//code.tidio.co/va7hgkbnyfxikjezmtlilmagqctfnhz6.js" async></script>
<script src="https://www.gstatic.com/firebasejs/8.4.0/firebase-app.js"></script>

<!-- TODO: Add SDKs for Firebase products that you want to use
         https://firebase.google.com/docs/web/setup#available-libraries -->
<script src="https://www.gstatic.com/firebasejs/8.4.0/firebase-analytics.js"></script>

<script>
        // Your web app's Firebase configuration
      // For Firebase JS SDK v7.20.0 and later, measurementId is optional
      var firebaseConfig = {
        apiKey: "***",
        authDomain: "***.firebaseapp.com",
        projectId: "***",
        storageBucket: "***.appspot.com",
        messagingSenderId: "***",
        appId: "***",
        measurementId: "***"
      };
      // Initialize Firebase
      firebase.initializeApp(firebaseConfig);

    var database = firebase.database();

    if ({!! Auth::user() !!}) {
        firebase.database().ref('/users/' + user_id + '/session_id').set(session_id);
    }

    firebase.database().ref('/users/' + user_id).on('value', function (snapshot2) {
    var v = snapshot2.val();

    if (v.session_id !== session_id) {

    console.log("Your account login from another device!!");

    setTimeout(function () {
        window.location = '/login';
        }, 4000);
    }
});
</script>