Rifts Posted February 12, 2012 Share Posted February 12, 2012 Hey guys, I'm working on a paid php tool where users would pay monthly and be able to log in and use the tool. What is the best way to prevent people from sharing accounts? I was thinking about something like keeping track of ips but what if people use the tool at home and work. What do you guys think? Quote Link to comment Share on other sites More sharing options...
Psycho Posted February 12, 2012 Share Posted February 12, 2012 Well, as you just said you can't use the IP address since that would change. So, you can never really know if the person using an account is the same person or not. If you try to verify if the person logging into an account is the same person or not you are going to cause a lot of difficulty for your users and you. The least painful implementation would be to ensure you don't have the same login being used concurrently. But, since you never know if a user will log out vs. just closing the browser window you would have to implement a time-limit. For example, when someone completes the login you would store their IP in a table. Then on each page load you would save a "last_activity" timestamp. Then when a user attempts to log in you would see if there was a last_activity for the user at a different IP address within the lat 15 minutes (?) or whatever time period you want. You could then prevent the new user from logging in until the first session has expired or you could allow the new user to log in and terminate the previous users session. Basically there are any number of avenues you can take here. Quote Link to comment Share on other sites More sharing options...
Rifts Posted February 12, 2012 Author Share Posted February 12, 2012 Thank you! I appreciate you writing all that, gives me a good place to start. Anyone else with ideas feel free to add! =] Quote Link to comment Share on other sites More sharing options...
Rifts Posted February 16, 2012 Author Share Posted February 16, 2012 been a few days... bump Quote Link to comment Share on other sites More sharing options...
scootstah Posted February 16, 2012 Share Posted February 16, 2012 On lynda.com you can only be signed in on any device at one time. So if you sign in on your desktop and then sign in on your laptop, it will invalidate the desktop. It would be pretty easy to implement, just invalidate the session of the same ID when it logs in again. You could even use an AJAX script to log them out automatically. Quote Link to comment Share on other sites More sharing options...
jhsachs Posted February 28, 2012 Share Posted February 28, 2012 You might try a different business model that solves your most worrisome problems without creating too many new ones. For example: charge for resources used instead of a flat fee per user per month. This would solve the problem of account sharing, not by preventing it, but by making it pointless. If that doesn't work for you, maybe some other innovation will. The important thing is to see whether thinking outside the box will help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.