Prevent multiple people using one account

scoppc

I have a website with premium and free members.
Premium members, it goes without saying, need to pay before they can enjoy some special features within the site.

Now, I want to prevent premium members share their ID and password with others.

My current plan is to log every request by premium ID in the database and later observe the log file to determine whether an ID has been shared or not.

My table will hold: the user ID, date and time, page requested, and IP address.

If 2 different IP address are accessing the page within my website using the same ID within a very close time. Then the ID should be marked as 'shared'.

Any other best practices to this?
or do u see any flaws on my logic?

thx alot

jmrouleau

A premium member must get alot for all of that work....geez.

Good luck with that.

jmrouleau

btw....what if several the same login comes from several ip's in a longer period of time...there is no way to tell if it is the same person using different computers or if it is multiple people that never happen to login around the same time.

Isn't their some sort of personalization to their login that would make it pointless for someone else to use. (Or a way to make it personalized)

MarkR

What you should do is have a client-side session cookie set with some random value (I use sessions because PHP does this anyway).

Record the session ID currently associated with the account. If someone logs in from a different session ID, you can detect it and log the 1st user out.

Bear in mind that some users have multi-homed or round-robin proxies, so successive requests can easily come from different IP addresses legitimately.

When we detect two logins in the same account, both of them get thrown out to the logon page with an error message. This lets them know that someone else is using their account.

Moreover, we can log it for our own purposes anyway. As it's a networking site, I don't think people would want to legitimately share an account.

Mark

kakki

maybe you can add client-side js to detect all available options of that user (screen-size, ...)

btw, how does google do that?

bogu

For screen resolution:

screen.width; screen.height;

Just google it ...