I am working on a trading site people would be paying a monthly subscription. From what I read amember is the best but I read the FAQ part about letting two people sign in under the same username and password. It stated that there is no way to detect that but there has to be a way to stop that because there are other sites that have that kind of protection. Is there a system that will allow that?
aMember does include account prevention through a 2 variable valuation: 1) How many IP addresses a user is allowed to log in under 2) Time frame by which #1 should be evaluated example: 3 IP addresses in 120 minutes
But there is not a way to do it instantly so two people can be logged in for a certain amount of time correct?
Well you could set it to 1 IP address in 'x' minutes. example: 1 IP in 60 minutes This would essentially mean that if more than 1 IP was detected in a 60 minutes it would consider this an issue and lock the account. Where you run into issues is the question of what constitutes two people? From dynamic IP addresses in a single location, to a single person logging on to multiple locations (home, work, school, mobile) this is a double edge sword. Set it to restrictive and you penalize paying customers. I, for example, have it set to 3 IP addresses in 12 minutes, and have never had an issue one way or the other.
Thanks for the reply. I understand it could be a double edged sword but couldn't it detect two or however many people login using that username and say you are logged in under two computers would you like to sign in under this one or keep signed in the other? when you say 3 IP in 12 minutes after 12 minutes the account is locked?
aMember does not provide a mechanism for terminating remote users sessions based on multiple logins. Only locking the account should a threshold be met. Yes, in my particular configuration, if > 3 IP addresses are detected within a 12 minute time window the account is locked. I'll need to double check, but I don't believe existing sessions are denied access (ie. instant lock out). The next login, however, they will be denied.