brian_t
04-19-2007, 08:09 AM
Has anyone found a good method of preventing account sharing for subscription based websites that they can share? :confused:
I know you can track IP,login activity from a login perspective, but how do you know each time they login, that they are not using someone's username/password? IP's are mostly dynamic and therefore are not a good indicator of account misuse...
Eduardo Lorenzo
04-19-2007, 08:14 AM
This issue is really very broad. If I understand your post correctly, you are asking for a "good" method to try to stop users from logging in using someone else's account? "Good" is of course relevant.
There are some choices you have aside from IP.
Cookies can serve this purpose but the client side must allow cookies.
There really is no surefire 100% way to deter the use of someone else's account without the help of the client.
But as one of the moderators here has eloquently stated before "Many have perished trying to protect man's right to stupidity."
my point is, no matter what the developer does, there is no sure way to stop this.
brian_t
04-19-2007, 08:22 AM
Yes, you defined the problem correctly.
What type of data would I store in a cookie help validate an account? (Assuming the client has cookies enabled)
Eduardo Lorenzo
04-19-2007, 09:04 AM
OK. This will be under the assumption that the client has cookies enabled.
You still have choices;
1. Uname/Password + IP
2. Uname/Password + UniqueIdentifier
This uniqueIdentifier will come from you the first time you give the client the cookie. Like this:
* On first time logon or on registration, generate an identifier for this account, on this machine and save that in the cookie.
Now this approach will delimit the user to using his/her account exclusively on his/her machine. And another person with a valid account cannot use THIS machine to log-in.