How To Disallow Multi-Login?

Fortis · March 4, 2014, 10:04am

Hello everyone!

Maybe its a rather simple problem, but i can not solve it:

The idea is that when user is logged in from one browser, all other website instances must logout him.

As for simple php+mysql, it is rather straight forward: we make a note of session_id in the mysql when user is logged in and then on every request we check their equality (i.e. smth like "select count(*) from … where sessid=$sessid and id=$id" inserted at the index.php once) and if fails, make a logout.

As for Yii, i can insert a check like




$multilogin_check = (Yii::$app->user->identity->sessid === Yii::$app->session->getId()) ? true : false;

if(!$multilogin_check) {$this->actionLogout();}

in every action of every controller, but i believe there is a much simplier solution.

I tried to use beforeAction() and init() functions of my controllers, but both of them are called before User::findIdentity() is called, so i get "trying to access a property of a non-object" for identity->sessid.

Thanks in advance for any ideas!

CeBe · March 5, 2014, 8:01pm

You can extend yii\web\User and add a check in the right place there.

Fortis · March 5, 2014, 9:01pm

Thanks, i’ll try this.

Actually, i have never try to extend yii classes yet (but it seems the time has come for this)… In yii1, according to wikis, it was recommended to put extended classes into protected/components, where i should keep them in yii2? And, if i got the idea correctly, the title of the class should be like "MyUser extends \yii\web\User"?

CeBe · March 5, 2014, 9:05pm

The name is up to you and you are also free to put it where you like. app/components is a good place for it though.

Fortis · March 6, 2014, 5:11am

OK, thanks!