Preventing users having two accounts

[Yesideez]

Hi all, working on a site where users log in and we've hit a small problem where users have been creating more than one account (which is against the rules) and logging into one in IE and another on Firefox.

 

Is there a way that this can be prevented?

 

Ideally we'd like it so that if someone logs in to one account on IE if they try and log in on FF then the second login will be refused. We thought of going by IP but ruled this out for those that share a connection like schools and home networks.

[Yesideez]

Is anyone able to help?

[alecks]

I think, IP may be the only way to go  :-X

 

As far as I know, cookies and sessions are kept separate (IE's cookies and sessions are separate from FF's cookies and sessions). So that rules that out. What else is there?

 

- Looking for login patterns?

    This would be a problem if your site grows to the point that many people are logging in all the time at random times.

 

- Checking IP addresses

    As you said, this could be a problem for those who share IP addresses.

 

Ah! Maybe you could combine looking for login patters and IP addresses? Ex. if some one logs in from a school at 10:30, and someone else at 10:31, then it's likely that they are the same person. But if someone from one IP address logs in at 10:30, and the other 5 hours later, then it's likely they are not the same person!

 

Then again, this also could cause many problems (what if the people who log in at 10:30 and 10:31 are different people, but friends?). There's also the coding aspect, I imagine it would be a bit more complicated.

 

Yes, I think IP may be the only solution. You could also try making it inconvenient for the user to make two+ different accounts. You probably already have this, but you could do things such as allowing only one email to one username, or having them enter extra details such as name, etc.

[Glyde]

Just require them to supply and email and check for another email, it's the only truly reliable way you can do this.  Then you, as the administrator, can do a sweep of the DB every once in a while and see all of the users that have the same IP's and check to see if the emails are anything alike.  For example, if I came to your site, and signed up with an email myemail@msn.com; and the next day I came and signed up on the same computer with the email myemail@hotmail.com; it's probably pretty safe for you to assume it's the same user.

[MadTechie]

or use an address based system, you will have to post them their password, takes a few days and costs but...

 

theirs no 100% way.. emails and ip checking work well, i also used cookies, so i knew what users used the same PC, again nothing is 100%

 

the postal service was a joke, but i guess most people have fewer houses then email addresses

lol

[sw0o0sh]

Explode the IP Address for the ones that have an IP address that changes the last few areas every now and then, (ex: aol), then run a (for/while check) breaking both the users current ip and that which is stored in the databases to see if you have any "relevant" matches. Topped on an email check, session combined with an ip check, cookie check, block out proxy access, and ofcourse the username check.