
时间:2021-11-24 20:28:11

I am running my server in node.js language and i am using express module, how can i prevent the client from opening more than one instance of my web site


2 个解决方案



Here is one way to handle making sure only one authenticated socket per user is allowed at a time.


var socketSessions = {};

io.use(function(socket, next) {
  var request = {
    url: socket.request.url,
    headers: {
      cookie: socket.request.headers.cookie

  cookieParser(request, {}, function(err) {
    if(err) {
      return next(err);
    expressSession(sessionSettings)(request, {}, function(err) {
      if(err) {
        return next(err);

      socket.session = request.session;
      if(socketSessions[request.session.userId]) {
        var oldSocket = socketSessions[request.session.userId];

      socketSessions[request.session.userId] = socket;

Assumptions for the code above: 1. You're using Express. 2. You're using cookie-parser and express-session. 3. your authentication mechanism creates a session.userId

上述代码的假设:1。您正在使用Express。你正在使用cookie-parser和express-session。 3.您的身份验证机制会创建session.userId

This creates a socket.io middleware which maps a session to a socket. If a new socket connection comes in for a user, we disconnect the other socket, and then create a new socket/session map.




Since most server-side techniques don't scale because they require you to hold state server-side, I'd go with a client-side approach. You could communicate between windows using cookies, and make sure only one client "owns" the cookie at any given time. Maybe use something like the Raft Consensus Algorithm to pick which window is the active one, then have the other display "Multiple sessions not allowed."

由于大多数服务器端技术无法扩展,因为它们需要您保持状态服务器端,因此我采用客户端方法。您可以使用cookie在窗口之间进行通信,并确保在任何给定时间只有一个客户“拥有”cookie。也许使用像Raft Consensus Algorithm这样的东西来选择哪个窗口是活动窗口,然后让另一个显示“不允许多个会话”。



Here is one way to handle making sure only one authenticated socket per user is allowed at a time.


var socketSessions = {};

io.use(function(socket, next) {
  var request = {
    url: socket.request.url,
    headers: {
      cookie: socket.request.headers.cookie

  cookieParser(request, {}, function(err) {
    if(err) {
      return next(err);
    expressSession(sessionSettings)(request, {}, function(err) {
      if(err) {
        return next(err);

      socket.session = request.session;
      if(socketSessions[request.session.userId]) {
        var oldSocket = socketSessions[request.session.userId];

      socketSessions[request.session.userId] = socket;

Assumptions for the code above: 1. You're using Express. 2. You're using cookie-parser and express-session. 3. your authentication mechanism creates a session.userId

上述代码的假设:1。您正在使用Express。你正在使用cookie-parser和express-session。 3.您的身份验证机制会创建session.userId

This creates a socket.io middleware which maps a session to a socket. If a new socket connection comes in for a user, we disconnect the other socket, and then create a new socket/session map.




Since most server-side techniques don't scale because they require you to hold state server-side, I'd go with a client-side approach. You could communicate between windows using cookies, and make sure only one client "owns" the cookie at any given time. Maybe use something like the Raft Consensus Algorithm to pick which window is the active one, then have the other display "Multiple sessions not allowed."

由于大多数服务器端技术无法扩展,因为它们需要您保持状态服务器端,因此我采用客户端方法。您可以使用cookie在窗口之间进行通信,并确保在任何给定时间只有一个客户“拥有”cookie。也许使用像Raft Consensus Algorithm这样的东西来选择哪个窗口是活动窗口,然后让另一个显示“不允许多个会话”。