DWQA QuestionsCategory: DatabaseRedis stores the session. How can repeated login make the previous session invalid?
dyllen asked 4 weeks ago

Session ID is used as the key. If I log in again, how can I make the last session invalid?

4 Answers
dyllen answered 4 weeks ago

Store a session ID as key and uid as value as session storage.
Save a uid as the key and the session ID as the value, which is used to call repeatedly to make the last session invalid.

OrdinaryYZH replied 4 weeks ago

pretty good!

meluo answered 4 weeks ago

In general, if the user exits manually, we will use the program to clean up the session
In the second shift, the browser is not used for a long time, which exceeds the session validity period set by us. Landing again will fail.
In the case of class three, as long as the cookie is not effective, after logging in again, we will clean up the session first, and then put the data.

dyllen replied 4 weeks ago

Now the question is how do I clean up the session of the last login user? Session ID is the key of redis. I don’t know what the key was last time?

meluo replied 4 weeks ago

If you don’t know the last key, let it be new. The last key will automatically expire, of course, if you have set it.

dyllen replied 4 weeks ago

Then, such a user will have two sessions available at the same time in a period of time.

morethink answered 4 weeks ago

Redis has three key deletion policies:

  • Timed delete: create a timer while setting the expiration time of the key

When the expiration time comes, the key is divided immediately.

  • Lazy deletion: let the key expire, but every time you get a key from the key space, check whether the obtained key is valid or not

If it is expired, the key will be deleted; if not, it will be returned.

  • Regular deletion: every once in a while, the program checks the database to delete the expired key. to

How many expired keys to delete and how many databases to check are determined by the algorithm.
Redis server actually uses two strategies: lazy deletion and periodic deletion. By using these two strategies together, the server can achieve a good balance between using CPU time reasonably and avoiding wasting memory space.
In fact, as long as it is configured according to the actual situation, redis has completed the deletion of the expired key by default.

dyllen replied 4 weeks ago

The user calls the login interface again, and the last session has not expired. How can I make the last session expired? I don’t know the last session ID

Poised_flw answered 4 weeks ago

If the user is already logged in when logging in again, you will not be able to get the session automatically_ ID. Then you can go to redis to kill or directly cover.

dyllen replied 4 weeks ago

I write API. If people don’t pass any parameters, then I don’t know the original ID?

Poised_flw replied 4 weeks ago

Then don’t use session_ ID is the key. Use userid or something. userid:session_ ID

dyllen replied 4 weeks ago

You don’t know which key was last time, because you don’t know the session ID of last time.