mvc 簡單實現一個賬號只能在一個地方登入
1.在mvc專案中找到 Global.asax
// Deliberately empty handler. Per the page's own note, declaring Session_Start keeps
// Session.SessionID unchanged for the whole session; the "Online" table is keyed by
// that ID, so it has to stay stable between requests.
protected void Session_Start(object sender, EventArgs e)
{
}
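/// <summary>
/// Removes the ending session's entry from the application-wide "Online" table
/// (session ID -> account code, or the "_offline_" marker).
/// </summary>
/// <param name="sender">Event source supplied by ASP.NET (unused).</param>
/// <param name="e">Event arguments supplied by ASP.NET (unused).</param>
/// <remarks>
/// ASP.NET raises Session_End only for the InProc session-state mode; with any other
/// mode this cleanup never runs and stale entries stay in the table.
/// </remarks>
protected void Session_End(object sender, EventArgs e)
{
    // Take the application lock BEFORE reading or mutating the shared Hashtable.
    // The original removed the entry first and locked afterwards, so a concurrent
    // login could modify the same table while it was being changed here.
    Application.Lock();
    try
    {
        Hashtable hOnline = (Hashtable)Application["Online"];
        if (hOnline != null && hOnline[Session.SessionID] != null)
        {
            hOnline.Remove(Session.SessionID);
            Application["Online"] = hOnline;
        }
    }
    finally
    {
        // Always release, otherwise every later access to Application state blocks.
        Application.UnLock();
    }
}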
2.在LoginController中找到你的Index方法
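// Register this login in the application-wide "Online" table (session ID -> account code)
// and mark any session already bound to the same account as "_offline_".
// NOTE(review): this fragment does not show the session ID being rotated at login; if it is
// not rotated elsewhere, a pre-login session ID stays valid after authentication - confirm.
// NOTE(review): "_offline_" is an in-band marker; an account code equal to that literal
// would be indistinguishable from a displaced session - confirm acc.Code can never be it.
HttpContext httpContext = System.Web.HttpContext.Current;
Hashtable userOnline;

// Hold the application lock across the whole read-modify-write. The original locked only
// around the final assignment, so two concurrent logins could mutate the table at once.
httpContext.Application.Lock();
try
{
    userOnline = (Hashtable)httpContext.Application["Online"] ?? new Hashtable();
    string accountCode = (acc.Code).ToString();

    // Find the session currently holding this account; the write happens after the loop
    // so the table is never modified while it is being enumerated.
    string displacedSessionId = null;
    foreach (DictionaryEntry entry in userOnline)
    {
        if (entry.Value != null && entry.Value.ToString().Equals(accountCode))
        {
            displacedSessionId = entry.Key.ToString();
            break;
        }
    }

    if (displacedSessionId != null)
    {
        userOnline[displacedSessionId] = "_offline_";
    }

    // Bind the current session to the account (unique account number).
    userOnline[Session.SessionID] = acc.Code;
    httpContext.Application["Online"] = userOnline;
}
finally
{
    httpContext.Application.UnLock();
}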
3.寫JS,定時向伺服器查詢目前賬號是否已在別處登入。注意:這段JS只負責提示與跳轉,若用戶端不執行它,舊會話仍然有效;要真正強制下線,應在伺服器端每次請求時檢查 Online 表。
// Once the DOM is ready, poll the server every 5 seconds to find out whether this
// session has been forced offline by a login elsewhere.
$(function () {
    var pollIntervalMs = 5000;

    function pollForcedLogout() {
        CheckIsForcedLogout();
    }

    setInterval(pollForcedLogout, pollIntervalMs);
});
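// Ask the server whether this session has been forced offline; if so, show the
// server's notice and send the browser back to the login page.
// This is only the user-facing notification: a client that never runs this poll is
// not signed out by it, so the server must not rely on it for enforcement.
function CheckIsForcedLogout() {
    $.ajax({
        url: "/Login/CheckIsForcedLogout",
        type: "POST",
        dataType: "json",
        success: function (msg) {
            // Guard against a null body before reading the result flag.
            if (msg && msg.OperateResult === "Success") {
                // NOTE(review): $.messager.alert presumably renders its message as HTML;
                // OperateData must stay a server-side constant, never user-supplied text.
                $.messager.alert('', msg.OperateData, 'error', function () {
                    // Root-relative URL keeps the page's current scheme. The original
                    // hard-coded "http://", which sent HTTPS users to the login form
                    // over plain HTTP.
                    window.location.href = "/Login";
                });
            }
        },
        error: function (ex) {
            // Deliberately best-effort: a failed poll is retried on the next interval.
        }
    });
}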
4.在LoginController中寫方法 CheckIsForcedLogout(),主要是檢查當前會話是否已被標記為下線(同一賬戶編號在別處登入)
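/// <summary>
/// Polled by the client script: reports whether the current session was marked
/// "_offline_" in the application-wide "Online" table, and if so removes the entry and
/// signs the user out.
/// </summary>
/// <returns>
/// JSON with OperateResult = "Success" and the notice text in OperateData when the
/// session was displaced; OperateResult = "Failed" otherwise, including on any exception.
/// </returns>
/// <remarks>
/// NOTE(review): sign-out happens only when the displaced client calls this action. Until
/// then, or if it never polls, its other requests are not rejected by anything shown on
/// this page; checking the "Online" table in a server-side authorization filter on every
/// request would close that gap.
/// </remarks>
[HttpPost]
public JsonResult CheckIsForcedLogout()
{
    try
    {
        HttpContext httpContext = System.Web.HttpContext.Current;
        string sessionId = httpContext.Session.SessionID;
        bool forcedOffline = false;

        // Lock around the whole read-modify-write; the original removed the entry from
        // the shared Hashtable before taking the lock.
        httpContext.Application.Lock();
        try
        {
            Hashtable userOnline = (Hashtable)httpContext.Application["Online"];

            // Is the value stored for this session the "logged out" marker?
            // A missing key yields null, which Equals rejects.
            if (userOnline != null && "_offline_".Equals(userOnline[sessionId]))
            {
                userOnline.Remove(sessionId);
                // Same "Online" spelling as the other handlers (the original wrote "online").
                httpContext.Application["Online"] = userOnline;
                forcedOffline = true;
            }
        }
        finally
        {
            httpContext.Application.UnLock();
        }

        if (!forcedOffline)
        {
            return Json(new { OperateResult = "Failed" });
        }

        string msg = "下線通知:當前賬號另一地點登入, 您被迫下線。若非本人操作,您的登入密碼很可能已經洩露,請及時改密。";

        // Sign out: clears the forms-authentication cookie.
        FormsAuthentication.SignOut();
        // SignOut alone leaves the server-side session alive; abandon it so the displaced
        // session's data is really cleared, as the original comment intended.
        httpContext.Session.Abandon();

        // The action is POST-only, so JsonRequestBehavior.AllowGet is not needed.
        return Json(new { OperateResult = "Success", OperateData = msg });
    }
    catch (Exception)
    {
        // Best-effort poll: any failure is reported as "not forced offline".
        return Json(new { OperateResult = "Failed" });
    }
}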