Preventing multiple logins with the same login credentials in PHP

Time: 2023-01-03 11:02:19

My website has premium videos, which users have to pay to watch. I am sending a random user name and password to the user's email ID when the payment is completed. Then I want to ensure that no more than one user uses those login credentials simultaneously. For that I use a login_status column in the database table with the login credentials, and change it to 1 when a user logs in and to 0 when the user logs out. But the problem is that if the user closes the browser, or the network connection is lost, the database will not be updated. Then login_status will be 1 indefinitely and no one can use those login credentials again.

Is there any idea to accomplish my task?

3 solutions

#1


3  

How about you write a timestamp into the database when the user logs in. You might have some logic to periodically update this value if the user is still logged in - for example, the page could make an AJAX request every 5 minutes to update the value or something.

Then, if the value is older than a certain threshold (say, 1 hour) you can allow a duplicate login through - which of course will reset the timestamp and prevent anyone else from accessing.
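
The timestamp approach in answer #1, as an added example that is not code from any poster in this thread. The `credentials` table, its `holder` and `last_seen` columns, and the function names are assumptions; the demo uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
// Added example: lease-style single-login lock (hypothetical schema and function names).
const STALE_AFTER = 3600; // seconds; the "1 hour" threshold from the answer

function claimLogin(PDO $db, string $user, int $now): ?string
{
    $token = bin2hex(random_bytes(16)); // identifies this browser session
    // One conditional UPDATE: it succeeds only if the slot is free or its heartbeat is
    // stale, so two simultaneous logins cannot both pass a separate SELECT check.
    $st = $db->prepare(
        'UPDATE credentials SET holder = :t, last_seen = :now
         WHERE username = :u AND (holder IS NULL OR last_seen < :cutoff)'
    );
    $st->execute([':t' => $token, ':now' => $now, ':u' => $user, ':cutoff' => $now - STALE_AFTER]);
    return $st->rowCount() === 1 ? $token : null;
}

function heartbeat(PDO $db, string $user, string $token, int $now): bool
{
    // Called by the periodic AJAX request; only the current holder can refresh.
    $st = $db->prepare(
        'UPDATE credentials SET last_seen = :now WHERE username = :u AND holder = :t'
    );
    $st->execute([':now' => $now, ':u' => $user, ':t' => $token]);
    return $st->rowCount() === 1;
}

function logout(PDO $db, string $user, string $token): void
{
    $db->prepare('UPDATE credentials SET holder = NULL WHERE username = :u AND holder = :t')
       ->execute([':u' => $user, ':t' => $token]);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE credentials (username TEXT PRIMARY KEY, holder TEXT, last_seen INTEGER)');
$db->exec("INSERT INTO credentials (username) VALUES ('viewer01')");

$t0 = 1700000000;                                     // constructed clock value
$a = claimLogin($db, 'viewer01', $t0);                // first browser takes the slot
var_dump(claimLogin($db, 'viewer01', $t0 + 60));      // second browser while the lease is fresh
var_dump(heartbeat($db, 'viewer01', $a, $t0 + 300));  // holder refreshes after 5 minutes
var_dump(claimLogin($db, 'viewer01', $t0 + 3901) !== null); // over an hour with no heartbeat
var_dump(heartbeat($db, 'viewer01', $a, $t0 + 4000)); // original holder after the takeover
```

In a real application the token would be kept in `$_SESSION` and `heartbeat()` checked on every request; a `false` result means another login has taken over the slot and the session should be ended.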

#2


1  

Try creating a custom session handler. The right place to store the data is alongside the session information - and you get the benefits of fully automatic garbage collection.

You might also want to combine this with using a cookie with a fixed (but updating) expiry time - so users can resume their session after closing their browsers rather than having to wait for the garbage collection to reap the expired session.

C.

#3


0  

Periodically (hourly?) go through the database and change all of the login_statuses to 0.

Change it back to 1 when the user uses the site for whatever reason.

That way, no one will be locked out for more than 1 hour at a time.
