I did in the past implement something like you said about putting a flag in the DB whenever a user logs in and not allowing further logins unless there is first a log off. The problems that came up was that quite a few people were on dial up and when they lost the connection and logged in again they were flagged and not allowed entry which created customer service headaches. And some users lose connections sometimes 3-4 times in a row.
>> From: [EMAIL PROTECTED] [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > >I worked on a site a while back where we had the same problem, users sharing >information to login. What I did was to switch their login information to >their SSN number or credit card number. People are less likely to share such >personal information with others. The downside is that you better be sure >you can protect that information on your end, i.e. hash it. Then compare the >hash to the a hash of their entered login info. On top of that use flags in >your DB to denote when a user logs in and when they log off and do not allow >a login to be successful if there is someone already logged in using the >same info. There are other approaches but this one worked for me and dropped >multiple logon attempts almost 100%. Those that keep trying get banned, no >refund. :-) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:204111 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
