SitePoint Sponsor

User Tag List

Results 1 to 13 of 13
  1. #1
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Seeking Membership Script that tracks cookies

    Hi,

    So I'm having a problem finding a good membership software script that looks nice, isn't thousands of dollars, & does this...

    capable of blocking user logins based on a cookie that is created when they register? and can that cookie be reset? In other words, is it possible to restrict member logins to one computer or device (they may be logging in from tablets or smartphones)?

    Most membership software only blocks IP addresses & that doesn't work. I have Amember for another site & I had HUGE problems when that IP blocker was turned on. The first client I got I had to remove it because the IP address kept changing.

    So, my website coder came up with a better solution (the one above).

    Any suggestions?

    Thanks


    Michelle

  2. #2
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by ep2012 View Post
    capable of blocking user logins based on a cookie that is created when they register? and can that cookie be reset? In other words, is it possible to restrict member logins to one computer or device (they may be logging in from tablets or smartphones)?
    I don't quite understand.

    So, when a user logs in for the first time, you want to restrict them to only being able to log in using that specific device/computer?

    Doesn't that defeat the purpose of a website or web-based application that visitors can access from anywhere? Or am I misunderstanding what you're asking?
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  3. #3
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes you are misunderstanding. This isn't for the site, this is for membership software that only paying clients can access.

    HTH


    Michelle

  4. #4
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,810
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    So what happens when the cookie gets deleted (by their security software or because they have too many other cookies stored)? Does that mean they then can't access the site at all?
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  5. #5
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cookies aren't deleted every day.

    Do some people delete their cookies often? Yes, but I know I don't & I know the majority of people don't.

    By then they will have probably already printed off their business kit. If they need access again, they reach out to me.

    This method is a lot safer for the company owner than using IP addresses as an anti fraud screening method.

    Anyway, does anyone know of any software that does this?

  6. #6
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by ep2012 View Post
    Cookies aren't deleted every day.

    Do some people delete their cookies often? Yes, but I know I don't & I know the majority of people don't.
    Browsers have the option of deleting cookies after the browser is closed. Some people do it manually. It's best not to assume that cookies stick around on a visitor's computers.

    By then they will have probably already printed off their business kit. If they need access again, they reach out to me.
    That seems quite inefficient given what I said above.


    What exactly is the flow here? Someone visits your site, purchases something, an is then presented with a page where they can download the product?
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  7. #7
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Force Flow View Post
    Browsers have the option of deleting cookies after the browser is closed. Some people do it manually. It's best not to assume that cookies stick around on a visitor's computers.


    That seems quite inefficient given what I said above.
    I know, but again, unless someone sets it that way, that's not the default of browsers.

    Quote Originally Posted by Force Flow View Post
    What exactly is the flow here? Someone visits your site, purchases something, an is then presented with a page where they can download the product?
    Yes.

    I have been using security software for ebooks for years (since 2002), but each one of them is TERRIBLE. I've been through 3 companies & either the clients have HUGE problems opening the files either b/c the clients are computer illiterate despite my clear instructions, or there are bugs in the software, or their tech support is terrible.

    This last company Secure ebook (www.secure-ebook.com) just ruined my relationship with 3 clients. They claim they get back to you within 48 hours, but they never did. I had to call & leave messages at least 5 times & then e-mailed about 5-10 more. They responded back & did nothing. I sent tons of screenshots & error messages & they are clueless.

    I lost tons of money trying to get my website coder to go onto one client's computer to try & open the files & it wouldn't. He also tried on his computer & I tried on mine & we both couldn't open the files. I finally had to give them insecure files which I NEVER do. It was either that or lose him. So no, don't recommend doing that. It's not an option for my proprietary material & I don't sell enough to put a ton of work into drip feeding them the material. They need it all at once.

    At this point I will be suing Secure ebook, as they are totally ignoring me & they even admitted in one email that they had issues, but refused to explain when it would be fixed. I just e-mailed the owner & the Vice President on Friday.

    Since this seems to be a recurring issue with every company I've purchased from & the other solutions are just TOO expensive, or they don't have the features I need, I have to find another solution, as this makes ME look bad. The only reason a client will have a less than perfect experience with me is b/c of these terrible companies.

    So, the only other alternative we came up with is to make each PDF into an html page & then get a membership software program & do what we mentioned above so they can't pass out the login to others.

  8. #8
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,810
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by ep2012 View Post
    Cookies aren't deleted every day.
    Some people have their security set to delete cookies even more often than that. Some don't even allow cookies to be saved in the first place and only allow them to exist while the browser is open.

    Even if a cookie isn't deliberately deleted it can disappear for a range of reasons. The only thing certain is that on the occasion when they need access urgently the cookie will be gone.

    Using IP address is far more reliable than using cookies - at least an IP address identifies a specific Internet Service Provider.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  9. #9
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    We will have to agree to disagree on this subject about IP's being more reliable & the majority of people deleting their cookies.

  10. #10
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,810
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by ep2012 View Post
    We will have to agree to disagree on this subject about IP's being more reliable & the majority of people deleting their cookies.
    I guess we will. At least until the conversion of the internet frim IPv4 to IPv6 is complete and everyone will be able to have millions of IP addresses that belong specifically to them and can allocate a specific unique IP to each function on each device they own.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  11. #11
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeh if I knew their IP address wouldn't change often, I'd take that security measure no problem, but after the first time it happened that the first client couldn't get in & Amember was saying that it was b/c of different IP addresses, since I couldn't very well accuse them without any proof that they were trying it on multiple computers, I had to shut that feature down & it was useless to me.

    When it IPv6 going to be complete?

  12. #12
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by felgall View Post
    Using IP address is far more reliable than using cookies - at least an IP address identifies a specific Internet Service Provider.
    I agree. Tying the download to an IP address is a bit more reliable than using cookies, which are wildly unreliable. Also, what's going stop someone from copying a cookie from one place to another?

    If you're really concerned about folks stealing content, have you looked into DRM? Personally, I've always advocated against DRM, but in your case, I can't really think of a good technical solution. If you email the product, they could still share it. If you only provide access to the download with a username and password, there isn't much stopping folks from sharing the username/password or the download after they've downloaded it.


    Quote Originally Posted by ep2012 View Post
    When it IPv6 going to be complete?
    It's complete and up and running--not everyone is using it though. A majority of the Internet is still using IPv4.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  13. #13
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,810
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by Force Flow View Post
    Also, what's going stop someone from copying a cookie from one place to another?
    I agree. That's exactly what would happen if someone wanted to bypass the supposed security implemented via the cookie. At least with an IP address you can't copy it to everywhere.

    All the thieves would end up with a copy of the cookie while the legitimate purchaser would be denied access because their system security deleted the cookie because they didn't specifically tell the software to keep that specific one. Or if the legitimate purchaser didn't have security software installed then the cookie would drop out because of the hundreds of spam cookies being saved exceeding the cookie limit.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •