Regarding the B/S structure, how to prevent the same account from logging in multiple times

I saw this problem in the forum; the original text is as follows:

http://topic.csdn.net/u/20110622/09/a28dbb5d-d5cb-4f05-9bbc-83bca3bf8531.html


There are many practices on this topic online, such as setting fields and session records in the database. But there is no perfect solution to the problem. The key to the problem lies in how to set the login status to null when the web page is closed, the browser is forcibly closed, the thread is cut off in the task manager, the client unexpectedly loses power, and so on, none of which can be captured.
Can I use page refresh to send a request to the server? Will the server load be high?
In addition, I use the iframe framework. How do I perform a regular refresh? Who has the complete code (including the setting that prevents repeated login, the regular page refresh, and setting the login status to null when the browser is closed)?



My point of view:

    I recently discovered some web games. Once you log in, the old page will pop up a window saying [You have logged in at another location, this page will automatically log out].

Based on this method, I don't think you should spend effort on preventing people from logging in repeatedly. After all, the HTTP protocol used by B/S is stateless and non-persistent. Instead, we can let the new login succeed and make the earlier login of the same account unable to perform any operations. This achieves the same effect: in a system, there is only one valid login for the same account.


The specific approach is relatively simple:

    1 When logging in, a unique identifier is generated and associated with the user name. The identifier is saved in the session or cookie for the next visit.

    2 On the next visit, check whether the identifier presented is the same as the one associated with the user name. If they are not the same, the account has been logged in again, and this session is automatically logged out.


It's that simple. You can log in repeatedly, but you cannot do anything with the previous login.
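
The two steps above as an added Python example, not code from the original post. The class name SingleLoginRegistry, its methods and the user name alice are assumptions made for illustration, and the in-memory dict stands in for whatever store associates user names with identifiers.

```python
import hmac
import secrets
import threading


class SingleLoginRegistry:
    """Keeps one valid login identifier per user name (server-side state)."""

    def __init__(self):
        self._current = {}            # user name -> identifier of the latest login
        self._lock = threading.Lock()

    def login(self, username):
        """Step 1: issue a fresh identifier; any earlier one stops being valid."""
        token = secrets.token_urlsafe(32)   # unguessable, from the OS CSPRNG
        with self._lock:
            self._current[username] = token
        return token                        # caller stores it in the session or cookie

    def is_current(self, username, token):
        """Step 2: compare the presented identifier with the associated one."""
        with self._lock:
            expected = self._current.get(username)
        if expected is None or not token:
            return False
        return hmac.compare_digest(expected.encode(), token.encode())

    def logout(self, username, token):
        """Only the current login may clear the association, so a superseded
        page cannot log out the newer login."""
        with self._lock:
            expected = self._current.get(username)
            if expected and hmac.compare_digest(expected.encode(), token.encode()):
                del self._current[username]
                return True
        return False


def demo():
    """Constructed scenario: the same account logs in from two browsers."""
    reg = SingleLoginRegistry()
    first = reg.login("alice")       # browser A
    second = reg.login("alice")      # browser B, same account
    return {
        "first_valid": reg.is_current("alice", first),
        "second_valid": reg.is_current("alice", second),
        "stale_logout": reg.logout("alice", first),
        "second_still_valid": reg.is_current("alice", second),
    }
```

Because the check runs on every request, a browser that was closed or lost power needs no cleanup: its identifier simply stops matching once the account logs in again.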


Origin blog.csdn.net/java2000_net/article/details/6560509