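The idea is simple: add a sid column to the user table. Each time a user logs in, update the sid column and store the same sid in a cookie.
Then compare the sid in the cookie with the sid in the database table; if they differ, log the user out.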
LoginController
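use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cookie;
use Illuminate\Support\Str;

protected function sendLoginResponse(Request $request)
{
    $request->session()->regenerate();

    $this->clearLoginAttempts($request);

    // Issue the sid before the authenticated() hook, so it is still set
    // when that hook returns its own response.
    $sid = Str::random(32); // generate a random 32-character string
    Cookie::queue('sid', $sid, 60 * 24 * 60); // store it in a cookie for 60 days (lifetime is in minutes)
    // Also write the sid to the user table; sid must be mass-assignable
    // (e.g. listed in $fillable) for update() to persist it.
    $this->guard()->user()->update(['sid' => $sid]);

    if ($response = $this->authenticated($request, $this->guard()->user())) {
        return $response;
    }

    return $request->wantsJson()
        ? new JsonResponse([], 204)
        : redirect()->intended($this->redirectPath());
}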
Create a new middleware, AuthSid.php
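use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cookie;

public function handle(Request $request, Closure $next)
{
    $user = Auth::user();

    // Log out when there is no authenticated user or the cookie sid does not
    // match the stored sid; hash_equals() compares strictly and in constant time.
    if (! $user || ! hash_equals((string) $user->sid, (string) Cookie::get('sid'))) {
        Auth::guard()->logout();

        return redirect(route('login'));
    }

    return $next($request);
}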
Register the middleware in Kernel.php
protected $routeMiddleware = [
    // ...
    'auth.sid' => \App\Http\Middleware\AuthSid::class,
    // ...
];
Finally, add the auth.sid middleware to the routes.
Drawback of this approach
Whoever logs in later forces the earlier session offline, and the earlier user receives no notification.
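One way to address that drawback, as an added example that is not part of the original post: a variant of the AuthSid middleware that fully ends the displaced session and tells the user why. The class name AuthSidWithNotice, the message text and the 'status' flash key are assumptions; the login view has to render session('status') for the notice to appear.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cookie;

// Hypothetical variant of the AuthSid middleware above (added example).
class AuthSidWithNotice
{
    // Assumed wording; adjust to the application.
    private const NOTICE = 'You were signed out because this account signed in elsewhere.';

    public function handle(Request $request, Closure $next)
    {
        $user = Auth::user();

        // Not logged in: leave the decision to the "auth" middleware.
        if ($user === null) {
            return $next($request);
        }

        // Both values must be present; a missing cookie or a NULL column is
        // treated as a mismatch rather than as "equal".
        $cookieSid = $request->cookie('sid');
        if (is_string($cookieSid) && is_string($user->sid)
            && hash_equals($user->sid, $cookieSid)) {
            return $next($request);
        }

        // A newer login replaced the sid: end this session completely.
        Auth::guard()->logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();
        Cookie::queue(Cookie::forget('sid'));

        // API clients get a 401 with the reason; browsers get a flashed notice.
        if ($request->expectsJson()) {
            return response()->json(['message' => self::NOTICE], 401);
        }

        return redirect()->route('login')->with('status', self::NOTICE);
    }
}
```

Because a NULL sid counts as a mismatch here, sessions that existed before the sid column was added are signed out on their next request.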