Zephr User Guide

Restrict Account Sharing

75 views 0

Many sites offering subscriptions do so with a limitation on how many concurrent sessions a user can have. This reduces the oversharing of accounts and access to premium content.

Note: These settings can only be used with the Zephr CDN.

You can limit user sessions in the following ways:

  • For Anonymous Users, you can use browser fingerprinting, which helps to avoid additional access for users who clear their cache to reset their session

    Browser fingerprinting is a method of data collection about a computer or device for identification purposes. It can be used for the following:

    • To identify anonymous users and devices; even if cookies are disabled
    • To check whether an end user is entitled to an anonymous user trial, such as free content views

      If browser fingerprinting is used, Zephr can check whether a user has been granted a trial previously, and avoid granting it again.

      If browser fingerprinting is not used, the end user can clear their cookies and start a new session by returning to your site. This would start a new trial and potentially provide further free access to content

    To enable browser fingerprinting, select the Use browser fingerprinting for anonymous users checkbox, as illustrated below:

    Allow browser fingerprinting checkbox

  • For Registered Users, you can limit account sharing and the number of active sessions allowed for an account

    A session is created every time an end user logs in to your site, and is specific to the browser and device used to log in. Sessions last for one year, unless the end user logs out.

    For example, you could be reading a site using a browser on your desktop and also have an active session on your mobile device from a previous login. This would mean that you have two active sessions.

    To control the number of concurrent user sessions, select the Require concurrent user sessions checkbox and enter the number of sessions to allow in the Maximum number of concurrent sessions per user text box, as illustrated below:

    Restricting concurrent user sessions to 3

    If an end user logs in using a different browser and device, which exceeds the defined limit, you can configure the following behaviour:

    • They are automatically logged out of the oldest session

      This is the default behaviour.

      For example, if the limit is set to two and the end user is reading a site using a browser on their desktop and also has an active session on their mobile device from a previous login, when they log in on their tablet, they are automatically logged out of the session on their mobile device. If they want to visit your site again on their mobile device, they must log in.

    • They cannot log in

      To prevent the user from logging in when they reach the defined limit, select the Prevent login over concurrent session limit checkbox, as illustrated below:

      Tick box to prevent user login when concurrent session limit is hit

      For example, if the limit is set to two and the end user is reading a site using a browser on their desktop and also has an active session on their mobile device from a previous login, they cannot log in on their tablet. In this case, an error message displays. To log in on the tablet, the user must log out of one of the other active session.

If you don’t want to configure any other settings, select the Save button. Otherwise, continue to define the configuration, as described in the Single Sign-on topic.