I believe the adult sites (to whom we should be grateful for figureing out a great many of the technical innovations we take for granted on the net) work this on the basis that if the same username/password is used from different IP addresses inside a certain time limit, the users are logged out and the account is disabled with a "contact the support centre" message. The user is then required to show why they should be allowed back on the system again.
It's the time limit thing that's the key. If it's set right, it allows for people to log off the net and log back on with a different ip address and still allow them to log in - that'll take a minimum of say 3 minutes so if the same username/password is used from different IPs inside 3 minutes, they're out. Typically, the adult sites seem to be assuming that if a u/p is published in a newsgroup there'll be a rush of logins and that will account for most of the sharing. What happens if one user gives the u/p to a single friend, I'm not sure. Perhaps they just live with that. Cheers Mike Kear Windsor, NSW, Australia Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month On Tue, 11 Jan 2005 21:28:49 -0800, Ian Skinner <[EMAIL PROTECTED]> wrote: > Expanding on the allow only one session per user suggestion. Don't warn > subsequeint users that they can not log in because the username and > password are currently on the system. Log out any earlier users. This > has the benifit that if somebody got kicked out due to crashing browsers > or what not, they can log in without having to wait for some session > values to time out. It also gets clear pretty quick that if a bunch of > people are trying to use the system with the same UN and PW, they aren't > going to last long before they are kicked of by the next person doing > this. Of course you will have a simple way for a user to change this if > their UN and PW has been leaked and they start to suffer this problem. > Finally, you can log this kind of activity for later review and action > if necessary. > > Now, how you actually do any and all of this, I will leave up to my more > expierenced collegues. I've never actually had to do this, so these are > just thoughts I've had for a someday case. > > Ian Skinner > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:190050 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
