1:数据库添加登录字段,来验证
2:通过session来验证
下面是方案2的具体实现思路:
登录时进行校验,并将登录id(userId)和sessionId以map的形式保存起来
可以创建拦截器或过滤器,在每次请求时比对当前请求的sessionId与map中保存的sessionId
登出
主要代码如下
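/**
 * Servlet filter that enforces one active login per account.
 *
 * <p>At login the application records {@code userId -> sessionId} in {@link #optionMap}.
 * On every request made by a logged-in session, this filter compares the session id sent
 * with the request against the recorded one. A mismatch means a newer login replaced this
 * one, so the {@code "user"} attribute is removed and the browser is sent to the login page.
 */
public class SingleLoginFilter implements Filter {
    private static final Log log = LogFactory.getLog(SingleLoginFilter.class);

    /**
     * Maps a user id to the session id recorded at that account's most recent login.
     *
     * <p>Filters run on many request threads at once, so the map is wrapped in a
     * synchronized view; a bare {@code HashMap} can be corrupted by concurrent writes.
     * The synchronized wrapper still accepts null keys and values, as the plain map did.
     *
     * <p>NOTE(review): nothing in this class removes entries. Presumably logout and session
     * expiry should remove them, otherwise the map grows with every account; confirm.
     */
    public static Map<String, String> optionMap =
            java.util.Collections.synchronizedMap(new HashMap<String, String>());

    /**
     * Lets the request through when no user is logged in or when the request's session id
     * matches the one recorded for the user; otherwise logs the user out of this session.
     *
     * @param request     the incoming request; cast to {@code HttpServletRequest}
     * @param response    the outgoing response; cast to {@code HttpServletResponse}
     * @param filterChain the remaining filter chain
     * @throws IOException      if writing the response or the chain fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpSession session = httpRequest.getSession();
        Object sUser = session.getAttribute("user");
        if (sUser == null) {
            // No logged-in user in this session: nothing to enforce.
            filterChain.doFilter(request, response);
            return;
        }

        JSONObject jUser = (JSONObject) sUser;
        String userId = jUser.getString("userId");

        // Check whether this request's session id is the one recorded for the user.
        String sessionId = getRequestSessionId(httpRequest);
        if (sessionId != null && sessionId.equals(optionMap.get(userId))) {
            filterChain.doFilter(request, response);
            return;
        }

        // The session was superseded by a newer login (or was never recorded).
        // The session id comes from a client-supplied cookie, so line breaks are neutralised
        // before logging to prevent forged log entries.
        // NOTE(review): this writes a session identifier to the log; consider logging a
        // truncated or hashed form instead.
        log.info("用户账号 " + stripLineBreaks(userId) + " 被强制挤下线,sessionId为:" + stripLineBreaks(sessionId));
        ((HttpServletResponse) response).setHeader("content-type", "text/html;charset=UTF-8");
        session.removeAttribute("user");
        // The body is a fixed string with no request data in it. A JSON status body would be
        // the alternative for AJAX clients.
        response.getWriter().write("<script>alert('您的账号已在其它地点登录');window.location.href='login.html'</script>");
    }

    /**
     * Returns the value of the first request cookie whose name starts with
     * {@code JSESSIONID}.
     *
     * <p>NOTE(review): the prefix match also accepts other cookies whose names merely begin
     * with {@code JSESSIONID}, and the value is whatever the client sent. The container's
     * {@code HttpSession.getId()} is the authoritative identifier; consider comparing
     * against that instead.
     *
     * @param request the current HTTP request
     * @return the cookie value, or {@code null} when the request carries no such cookie
     */
    public static String getRequestSessionId(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            // getCookies() returns null, not an empty array, when no cookies were sent.
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName() != null && cookie.getName().startsWith("JSESSIONID")) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /** Replaces CR and LF with underscores so a value cannot start a new log line. */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}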
用户登录成功之后执行以下操作:
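// Record the id of the session the container actually bound to this request. Reading it
// from the request cookie stores null on a first visit with no cookie, or a stale id when
// the cookie refers to an expired session, and the filter would then reject the user's
// very next request.
// NOTE(review): the session id is not rotated at login, which leaves the login open to
// session fixation. If the container offers session-id rotation, rotate before recording
// the id here.
SingleLoginFilter.optionMap.put(loginId, ((HttpServletRequest)request).getSession().getId());
((HttpServletRequest)request).getSession().setAttribute("user", dbuser);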