I use express-session middleware to save user session information. Now I have a requirement that I don’t know how to implement, that is, how can I do the same account, and I only allow him to have one login instance. For example, if account A logs in to the system, then I will kill the last session of account A when account A logs in to the system on other browsers or machines. I don’t know exactly what to do. Who can give me some advice?
Here’s how you store user information:
Log in user ua on browser a and assign sid1. at this time, you need to associate sid1 with your logged-in user. the temporary relationship is assumed to be
sid1 <-> uida
Now the user ua is logged on to browser b, and sid2 is assigned at this time, so you need to find out the corresponding relation you stored and update it.
sid2 <-> uida
In this way, if browser a visits your website again, then you need to check the correspondence to determine whether you have logged in
Personally, I understand that there is no verification. It is recommended to use redis to store the corresponding relationship. At this time, there are 2 relationships:
key | value sid | userinfo uid | sid
To access the server, first check the sid to get the uid, then get the correct sid according to the uid, and compare the two SIDs