登录验证同一ip，同一浏览器ua，注销符合条件的session，降低验证出错的几率

power-admin/src/main/java/com/manage/controller/LoginController.java

@@ -36,6 +36,8 @@ public class LoginController {
     private LogService logService;
     @Autowired
     private Power_DeptService power_deptService;
+    @Autowired
+    LoginService loginService;
 
     @RequestMapping(value = "login",method = RequestMethod.GET)
     public String toLogin(Model model){
@@ -45,6 +47,9 @@ public class LoginController {
 
     @RequestMapping(value = "login",method = RequestMethod.POST)
     public String login(Power_User powerUser,HttpServletResponse response, HttpServletRequest request,Model model){
+        //2021/9/22实际校验调用
+        loginService.checkOnlyOneUser(request);
+
         try {
             Power_UserVo user = powerUserService.findPowerUserByUserNameAndUserPwd(powerUser);
             //添加进操作日志

power-admin/src/main/java/com/manage/service/LoginService.java

@@ -0,0 +1,35 @@
+package com.manage.service;
+
+import org.springframework.stereotype.Service;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.util.HashMap;
+
+/**
+ * @author 谢铭
+ * @date 2021/9/22
+ * 校验是否同一ip、同一浏览器下多用户登陆，并且移除符合条件的session
+ * hashmap全局存储用户，利用hashmap去重保持同一浏览器同一ip，只有一个session信息被保存
+ */
+
+@Service
+public class LoginService {
+    private static HashMap<String, HttpSession> userIdMap = new HashMap<>();
+
+    public void checkOnlyOneUser(HttpServletRequest request) {
+        //key，ip+ua共同构成单用户识别码
+        String ip = request.getRemoteAddr();
+        String ua = request.getHeader("user-agent");
+        String key = ip + ua;
+        //value为session
+        HttpSession session = request.getSession();
+        //判断是否存在key，存在就执行session过期的方法
+        if (userIdMap.containsKey(key)) {
+            //非空就是保存过，就清理指定sessionId对应的session,处理完正常登录
+            userIdMap.get(key).invalidate();
+        }
+        //放入新的key，value，正常登陆
+        userIdMap.put(key, session);
+    }
+}