On Aug 13, 1:14 pm, Marnen Laibow-Koser <rails-mailing-l...@andreas- s.net> wrote: > Alpha Blue wrote: > > Hi Marnen, > > > Well I run a subscription service on my site that after week 4 will be > > activated. I just want to make sure that someone doesn't give their > > logins to 30 of their friends so that they can use the subscription for > > free and all 30 people logged in simultaneously under the same account > > name. > > If you have features that make it advantageous to have a user account, > people are going to want their own accounts. I believe this is a case > where the appropriate solution is not a technological one. > > > > > So, I'm looking for a good source to follow and I'm trying to implement > > a restriction of say 3 simultaneous logins per account. > > Don't bother unless you somehow tie it to IP address. And even then, I > think it will frustrate the user and drive him away from your site. > > Best, > -- > Marnen Laibow-Koserhttp://www.marnen.org > [email protected] > > -- > Posted viahttp://www.ruby-forum.com/.
How would these be frustrating for users? There are a couple ways I can think to implement this. First, as was mentioned, restrict login to only the first (or first 3, whatever) successful logins. You'd store the successful login IPs in another table, and just have login fail when there's three or whatever IPs for a given user. Delete the corresponding row when a user logs out. One problem with this, though, is that it does absolutely nothing to prevent multiple users sharing an IP (such as being a VPN or proxy) to login once one is successful. I also suppose it might be helpful to automatically "expire" inactive IPs after a certain amount of time, but I'm not sure that actually addresses the issue at hand. Actually the other ways I thought of are pretty horrible, and even the above both doesn't address the problem your facing *and* makes it harder for the user to make full use of there account. So yeah, forgo trying to enforce this via technology. If you do need to though, you can at least track the login habits of users, and maybe warn those who are massively abusing their privileges. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
