[SOLVED] multiple simultaneous sessions with the same user

9 years 3 months ago #133836 by hvus
Is it possible to avoid the login for one username in deifferent computers?

I saw several users displayed in the control panel with the same username. I would like to know if they are sharing the username-password or if Joomla has this problem to accept that.

Multiple simultaneous sessions with the same username, I would like to cancel.

Do you have any idea how to dissable this to be happen using cb 1.2.2 and cbsubs 1.0.3. ?

Thank you for your help.

hv

Post edited by: krileon, at: 2010/12/07 21:10
9 years 3 months ago #133891 by krileon
Not without a new CB plugin, this is not something CBSubs handles or can handle. You'd need to use the trigger onAfterLogin and check the database for sessions that don't match the current users IP address; if any exist you'd need to delete them. For further usage information of CB Triggers please see tutorials in my signature.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Templates - CBSubs - Hosting - Forge - Incubator - GroupJive
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM EST to 4:00 PM EST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
8 years 9 months ago #147923 by metro_preps
Krileon,

Preventing multiple simultaneous logins with the same username is something that I'm keenly interested as well. I would assume that any CB Subs user is going to want to prevent paid subscribers from giving out their usernames and passwords for others to use for free -- without any inconvenience or negative consequences whatsover.

This strikes me as a huge loophole in the "pay-for-content" strategy that CB Subs is intended to enable.

Human nature being what it is, people are going to cheat. I understand that, but why make it easy for them to do so?

I would hope that the CB developer community will recognize this as a serious shortcoming and work on developing a plug in to resolve the issue.

In the meantime, if anyone has any thoughts about how to deal with the problem in an effective manner, I'm eager to hear them.
8 years 9 months ago #147948 by krileon
Don't see this as a loophole by any means. It's simply how Joomla works, which is what CBs base is. You could develop a plugin to delete old sessions, but that could inconvenience legitimate users by constantly killing their sessions. Joomla handles and sets the session based off data passed by CB. CB directly doesn't touch the session (stores a copy in its own database though).

You certainly could develop a plugin to delete duplicate sessions, but how? By age? What if the eldest is the legit session? By IP? What if they're on a dynamic IP address and it changes constantly? There's just nothing to base the validity off. You certainly can't trust what information the users browser gives your site either. Cookies are local so there's no way to check against one users cookie to another. It's just not very probable or efficient to know who the legitimate account is.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Templates - CBSubs - Hosting - Forge - Incubator - GroupJive
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM EST to 4:00 PM EST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
8 years 9 months ago #147957 by metro_preps
Krileon,

Your response seems to be "I can't think of an effective solution, therefore there is no problem."

But, in fact, there is a problem, and here it is:

1. CBSubs is intended to restrict content to paid subscribers.

2. People other than paid subscribers can easily access the "protected" content via complicity of a paid subscriber who provides the freeloader with his username and password.

3. The complicit paid subscriber and the freeloader can then log in at the same time with neither suffering any adverse performance consequences.

4. Ergo, there is a loophole in the system. CBSubs attempts to restrict access to content but does not address the most basic means of bypassing those restrictions: multiple simultaneous logins with a legitimate paid subscription.

Perhaps one additional factor I should mention is that in my particular application, the subscribers have opportunities for actual face-to-face relationships rather than just online relationships. Obviously, this greatly enhances the likelihood of collusion (a/k/a petty larceny).

What are my options? Stare at the "Who's Online" panel of the Admin, watch for multiple logins and then deal individually with offending users?

You're a smart guy. I bet you can figure something out if you put your mind to it. But, as usual, the first step is admitting that there is a problem.

And, certainly, from my point of view as a guy who counts on paid subscriptions, there is.
8 years 9 months ago #147962 by metro_preps
I would also say that as far as your idea of a plug in to delete duplicate sessions, I would vote for that. I wouldn't be too worried about inconveniencing a legitimate user since, in a case where a legitimate user has given another person his username and password in an attempt to defraud the site owner, there is very little legitimacy to be protected. Perhaps a bit of inconvenience might send the proper message.
Moderators: beatnantkrileon
Time to create page: 0.401 seconds
Facebook Twitter Google LinkedIn