On Wed, Sep 17, 2003 at 08:39:58AM +0200, Frank Maas wrote: > Ged wrote: > >>> How to avoid multiple logins? > >>> > >>> The short answer is: you can't. > > > > Sure you can. Charge $10 per login. > > I don't want to clobber the list with non-technical trivia, but > even when you charge money, you can't avoid it. If only there is > one user that is willing to pay the amount twice, your scheme > is broken. As with technical solutions: the higher the amount > you charge, the lesser the risk of people doing it. But the > risk remains...
The only nearly reliable way I have found of doing this is to impliment a two stage registration process. Normal online registration with a face to face sales meeting where the account is activated. This however requires significant investment in an offline process and backoffice. On the down side people can always :- A. Use another legitimate account (Beg, Borrow, Steal) B. Have another meeting where an actor obtains the new acount details (Fraud). In respect to client side cookies this does not help as I will often in the case of system testing use multiple machines (Unix/Windows) with multiple browser versions. Your best be is to use server side token versioning which will prevent multiple browsers simultaniously using the same login but does not prevent different logins being used. Hope it helps Paddy