First, yes you can allow only one session per user account. Just check the current active sessions for the username that is attempting to log in. As for keeping users from sharing that information, I can think of one way off the top of my head.
Make the users billing information viewable only to them when they log in under sort of a "profile" section. Billing address, phone numbers maybe even their cc if the server is secure enough (don�t yell at me). If you were using a "recurring billing" method for monthly membership fees, it would be justifiable to have this info and a section where the user can update their billing it. That's not the kind of information users give out very often. I'm just rambling off my first thoughts on it. The chances of a better idea are very good from this list though. cheers -----Original Message----- From: muzl hed [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 11, 2005 3:50 PM To: CF-Talk Subject: Preventing password sharing on a membership site I have a client with a paid membership site who recently saw a member post their login information on a public news group. Anybody have a suggestion as to how to stop people from sharing passwords? Is there a practical way to prevent multiple people from logging in with the same username/password simultaneously? Any best practices advice would certainly be appreciated. --------------------------------- Do you Yahoo!? The all-new My Yahoo! � Get yours free! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:190030 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
