在Node.js中,如何防止客户端从我的网站打开多个实例

时间:2022-04-25 18:55:33

I am running my server in node.js language and i am using express module, how can i prevent the client from opening more than one instance of my web site

我用node.js语言运行我的服务器,我正在使用快速模块,如何阻止客户端打开我的网站的多个实例

2 个解决方案

#1


1  

Here is one way to handle making sure only one authenticated socket per user is allowed at a time.

这是一种处理方法,确保每次只允许每个用户使用一个经过身份验证的套接字。

var socketSessions = {};

io.use(function(socket, next) {
  var request = {
    url: socket.request.url,
    headers: {
      cookie: socket.request.headers.cookie
    }
  }

  cookieParser(request, {}, function(err) {
    if(err) {
      return next(err);
    }
    expressSession(sessionSettings)(request, {}, function(err) {
      if(err) {
        return next(err);
      }

      socket.session = request.session;
      if(socketSessions[request.session.userId]) {
        var oldSocket = socketSessions[request.session.userId];
        oldSocket.disconnect();
      }

      socketSessions[request.session.userId] = socket;
      next();
    });
  });
});

Assumptions for the code above: 1. You're using Express. 2. You're using cookie-parser and express-session. 3. your authentication mechanism creates a session.userId

上述代码的假设:1。您正在使用Express。你正在使用cookie-parser和express-session。 3.您的身份验证机制会创建session.userId

This creates a socket.io middleware which maps a session to a socket. If a new socket connection comes in for a user, we disconnect the other socket, and then create a new socket/session map.

这将创建一个socket.io中间件,它将会话映射到套接字。如果为用户提供了新的套接字连接,我们将断开另一个套接字,然后创建一个新的套接字/会话映射。

#2


2  

Since most server-side techniques don't scale because they require you to hold state server-side, I'd go with a client-side approach. You could communicate between windows using cookies, and make sure only one client "owns" the cookie at any given time. Maybe use something like the Raft Consensus Algorithm to pick which window is the active one, then have the other display "Multiple sessions not allowed."

由于大多数服务器端技术无法扩展,因为它们需要您保持状态服务器端,因此我采用客户端方法。您可以使用cookie在窗口之间进行通信,并确保在任何给定时间只有一个客户“拥有”cookie。也许使用像Raft Consensus Algorithm这样的东西来选择哪个窗口是活动窗口,然后让另一个显示“不允许多个会话”。

#1


1  

Here is one way to handle making sure only one authenticated socket per user is allowed at a time.

这是一种处理方法,确保每次只允许每个用户使用一个经过身份验证的套接字。

var socketSessions = {};

io.use(function(socket, next) {
  var request = {
    url: socket.request.url,
    headers: {
      cookie: socket.request.headers.cookie
    }
  }

  cookieParser(request, {}, function(err) {
    if(err) {
      return next(err);
    }
    expressSession(sessionSettings)(request, {}, function(err) {
      if(err) {
        return next(err);
      }

      socket.session = request.session;
      if(socketSessions[request.session.userId]) {
        var oldSocket = socketSessions[request.session.userId];
        oldSocket.disconnect();
      }

      socketSessions[request.session.userId] = socket;
      next();
    });
  });
});

Assumptions for the code above: 1. You're using Express. 2. You're using cookie-parser and express-session. 3. your authentication mechanism creates a session.userId

上述代码的假设:1。您正在使用Express。你正在使用cookie-parser和express-session。 3.您的身份验证机制会创建session.userId

This creates a socket.io middleware which maps a session to a socket. If a new socket connection comes in for a user, we disconnect the other socket, and then create a new socket/session map.

这将创建一个socket.io中间件,它将会话映射到套接字。如果为用户提供了新的套接字连接,我们将断开另一个套接字,然后创建一个新的套接字/会话映射。

#2


2  

Since most server-side techniques don't scale because they require you to hold state server-side, I'd go with a client-side approach. You could communicate between windows using cookies, and make sure only one client "owns" the cookie at any given time. Maybe use something like the Raft Consensus Algorithm to pick which window is the active one, then have the other display "Multiple sessions not allowed."

由于大多数服务器端技术无法扩展,因为它们需要您保持状态服务器端,因此我采用客户端方法。您可以使用cookie在窗口之间进行通信,并确保在任何给定时间只有一个客户“拥有”cookie。也许使用像Raft Consensus Algorithm这样的东西来选择哪个窗口是活动窗口,然后让另一个显示“不允许多个会话”。