Yii2 防止用户重复登录

1.新建存放用户登录口令token的表，并生成model

CREATE TABLE IF NOT EXISTS `tbl_admin_session` (
`session_id` int(11) NOT NULL AUTO_INCREMENT,
`id` int(11) NOT NULL,
`session_token` varchar(56) NOT NULL,
PRIMARY KEY (`session_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8;

然后在模型login中添加方法：

public function insertSession($id,$sessionToken)
{
$loginAdmin = AdminSession::findOne(['id' => $id]); //查询admin_session表中是否有用户的登录记录
if(!$loginAdmin){ //如果没有记录则新建此记录
$sessionModel = new AdminSession();
$sessionModel->id = $id;
$sessionModel->session_token = $sessionToken;
$result = $sessionModel->save();
}else{          //如果存在记录（则说明用户之前登录过）则更新用户登录token
$loginAdmin->session_token = $sessionToken;
$result = $loginAdmin->update();
}
return $result;
}

2.SiteController中的actionLogin操作中生成token，分别存入tbl_admin_session表和session变量中，

public function actionLogin()
{
if (!\Yii::$app->user->isGuest) {
return $this->goHome();
}

$model = new LoginForm();
if ($model->load(Yii::$app->request->post()) && $model->login()) {

//使用session和表tbl_admin_session记录登录账号的token:time&id&ip,并进行MD5加密
$id = Yii::$app->user->id;     //登录用户的ID
$username = $model->username; //登录账号
$ip = Yii::$app->request->userIP; //登录用户主机IP
$token = md5(sprintf("%s&%s&%s",time(),$id,$ip));  //将用户登录时的时间、用户ID和IP联合加密成token存入表

$session = Yii::$app->session;
$session->set(md5(sprintf("%s&%s",$id,$username)),$token);  //将token存到session变量中
//？存session token值没必要取键名为$id&$username ,目的是标识用户登录token的键，$id或$username就可以

$model->insertSession($id,$token);//将token存到tbl_admin_session

return $this->goBack();
} else {
return $this->render('login', [
'model' => $model,
]);
}
}

3.新建访问过滤器

<?php
/**
* Created by PhpStorm.
* User: jiangyan
* Date: 2016-05-18
* Time: 17:22
*/
namespace backend\libs;

use backend\models\AdminSession;
use Yii;
use yii\base\ActionFilter;
use yii\web\UnauthorizedHttpException;

class CheckerFilter extends ActionFilter
{
public function beforeAction($action)
{
if(!parent::beforeAction($action)) {
return false;
}

//rbac访问控制
$controllerID = Yii::$app->controller->id;
$actionID = $action->id;
$permissionName = $controllerID . '/' . $actionID;
if(!Yii::$app->user->can($permissionName) && Yii::$app->getErrorHandler()->exception === null && !Yii::$app->user->isGuest && $controllerID != 'admin' && $actionID != 'logout' && $actionID != 'view-self' && $actionID !='update-self') {
throw new UnauthorizedHttpException('对不起， 您现在还没获得此操作的权限');
} else {
//            return true;
//登录  所有操作都虚经过过滤器控制输出
if(!Yii::$app->user->isGuest && $actionID != 'logout')
{
$id = Yii::$app->user->id;
$session = Yii::$app->session;
$username = Yii::$app->user->identity->username;
$tokenSES = $session->get(md5(sprintf("%s&%s",$id,$username))); //取出session中的用户登录token
$sessionTBL = AdminSession::findOne(['id' => $id]);
$tokenTBL = $sessionTBL->session_token;

if($tokenSES != $tokenTBL)  //如果用户登录在 session中token不同于数据表中token
{
Yii::$app->user->logout(); //执行登出操作
Yii::$app->run();

}
}
}
return true;
}
}

4..在每个控制器中添加访问过滤器

public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index'],
'allow' => true,
'roles' => ['@'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
],
],
'checker' => [
'class' => 'backend\libs\CheckerFilter',
],
/*            'myCheck' => [
'class' => 'backend\libs\MyCheckFilter'
],*/
];
}