没有办法阻止用户在多个设备上进行身份验证.事实上:要知道同一用户在两台设备上，他们需要在两台设备上进行身份验证.

There is no way to prevent a user from authenticating on multiple devices. In fact: to know that the same user is on two devices, they'll need to authenticate on both devices.

根据您使用的后端服务，可能只允许从一台设备访问资源.

Depending on the back-end service that you're using, it may be possible to only allow resources to be accessed from one device.

例如，如果您的应用使用 Firebase 数据库，您可以在用户登录时将 InstanceID 令牌写入数据库.然后仅在没有令牌或令牌与最后的令牌匹配时才允许写入登录.然后您甚至可以警告用户，如果他们在第二台设备上登录，他们已经从另一台设备访问系统，应该先从那里注销.

For example, if your app uses the Firebase Database, you could write the InstanceID token into the database when the user logs in. And then only allow the write if there is no token yet, or the token matches the token that last logged in. You could then even warn the user if they log in on a second device, that they're already accessing the system from another device and should log out there first.

但这都是由问题案例造成的.

But this is all wrought with problem cases.

例如:您何时标记用户停止在一台设备上使用您的应用程序(即从数据库中删除 InstanceID 令牌)?他们什么时候退出?这意味着他们每次想要使用该应用程序时都必须登录，这是大多数用户不太喜欢的一种摩擦.

For example: when do you flag that a user stopped using your app on one device (i.e. delete the InstanceID token from the database)? When they log out? That means they'll have to log in every time they want to use the app, a type of friction most users don't like much.

或者您会尝试自动检测他们停止使用该应用程序，例如什么时候进入后台?如果您因为错误、崩溃或网络故障而错过那一刻，会发生什么?用户是否将无法在其他设备上使用该应用?

Or will you try to automatically detect that they stopped using the app, e.g. when it goes into the background? What happens if you miss that moment because of a bug, a crash, or a network glitch? Will the user then be unable to use the app from their other device?

出于这些以及更多原因，我通常建议反对这种单一设备策略:它比它值得的麻烦更多.

For these and many more reasons I usually recommend against such a single-device policy: it's more trouble than it's worth.

另见:

• 如何处理多个连接Firebase 上的同一用户?
• 如何防止同时登录使用 Firebase 的同一用户?