I save the number of login errors and time in the session. When the maximum number of errors is reached, I will not be able to log in. However, I can still log in after clearing the cookies. How should I solve it? Or is there any other way to limit the number of logins? Thanks!
我想大声告诉你2017-05-31 10:35:27
Add a field to the database and lock the account if the number of times is exceeded...
给我你的怀抱2017-05-31 10:35:27
Use memcache or redis for cache control
$key = login account
$value = Number of failed logins
$this->set($key,$value);
高洛峰2017-05-31 10:35:27
A situation like yours can only be handled through global caching. If you want to control the number of logins for a certain username, then
1. For keyvalue caching
unified data structure key=value => username={'number of logins':1}, and then use redis, memcache, mysql (Create cache table, column [key value], index hash key)
Directly $userinfo = $cacheobj->get('username') to obtain user information, determine the number of logins, and increase the number of logins $cacheobj-> set('username', $userinfo) write back
2. Incorporate it into the database login information table structure
Add a new login times column to the mysql user login table, and then call sql, obtain, judge, auto-increment, and update it
If you want to include time latitude, then
1. For keyvalue caching
the data structure is updated to user name = {'number of logins': 1, 'timeout time': timestamp}, and the judgment plus the time latitude is added to the judgment. When timeout occurs, the number of logins is set to 0
2. For non-mysql keyvalue cache (redis, memcache)
Direct $cacheobj->set('username', 'number of logins', timeout)
3. Incorporate it into the database login information table structure
In this case, add a timeout column
There are countless ways to implement it, mainly depending on the actual scenario and resources.
