How can we resync Amazon S3 and s2Member?

Hello,

We use s2member Pro to manage membership and access to member only podcasts.

We serve member only podcasts from Amazon S3. And that works.

New, never registered before, non-members cannot access podcasts. So that works.

Paying members can access our podcasts. So that works.

But random, non-paying, former members are able to continue to have podcast access–even MONTHS later after cancellation. So… that aint’ working.

We’ve looked at former members and their status as non-paying, registered users, and we cannot figure out why s2Member continues to give these former paying, now level zero subscribers access to our member only podcast months later. [Our s2Member is set to downgrade to level zero on cancellation. ]

1. How can we kick the machine so that Amazon S3 will start over looking at our s2Members with a clean slate?

We don’t mind a one time hiccup where ALL (paying!) members must resubscribe–we just want cancelled members to stop being approved for access.

2. And how to we prevent this from happening again after we learn how to clear out the non-paying subscribers?

It’s really like s2Member and Amazon S3 are caching access info and we’d like to hit the big “flush the cache” button.

Thank you.

Chris

• This topic was modified 3 years, 11 months ago by  AnotherOpus.

Thank-you for reporting this important issue.

Can you please check to see what you have set up under Basic Download Restrictions? Because you do not have Open Registration enabled, this should be set up to have a specific number of downloads ONLY for level 1 or higher. Is that what you have here?

See: Dashboard -› s2Member® -› Download Options -› Basic Download Restrictions

Hello Bruce,

Dashboard -› s2Member® -› Download Options -› Basic Download Restrictions

Each level (0, 1, 2, 3 and 4) is set to 999999999 every 365 days.

Per the notes on the page, “To allow UNLIMITED downloads, use: 999999999 ( i.e. 999999999 = unlimited ).”

Because you mention, “…this should be set up to have a specific number of downloads ONLY for level 1 or higher.” Does this mean that because it allows level zero through four to download unlimited, that once a member is cancelled down to a level zero, they can continue to access podcasts?

I.e. Is it possible that because we allow level zero registered users to access unlimited downloads, that once a member is cancelled down to level zero they will continue to be authenticated–so essentially, once a “member” with access to podcasts–always a member with access to podcasts.

If that’s the case it is also inconsistent because most members cancelled to level zero can NOT access the podcasts.

Does this mean that the setting should NOT include level zero?

The other issue then is that we have podcasts which are NOT member only–so how does s2Member differentiate between them?

OR

Is there something else happening here that lets a minority of cancelled members continue to access podcasts?

This is beginning to get confusing because it seems there is overlap above, or in our understanding of my primary question.

1. We use Amazon S3 to deliver media for member only podcasts from a secured bucket.

2. We use Amazon S3 to delver media for anyone from an open bucket.

3. We use s2Member to authenticate whether a visitor is a member. The issue seems most apparent when a member, who has subscribed to iTunes, is no longer a member, and they can continue to access the member only podcast on iTunes.

The short story is we want to stop cancelled members from accessing content secured by Amazon S3 buckets, which are authenticated via s2Member.

Thank you for your continued help.

Chris

• This reply was modified 3 years, 11 months ago by  AnotherOpus.

Thanks for the heads up on this thread :-)

@AnotherOpus

I.e. Is it possible that because we allow level zero registered users to access unlimited downloads, that once a member is cancelled down to level zero they will continue to be authenticated–so essentially, once a “member” with access to podcasts–always a member with access to podcasts.

When a paying Member is demoted down to a Free Subscriber, they are at Membership Level #0 (a Free Subscriber). This is the default EOT Behavior for s2Member® installations. If your configuration of s2Member® allows unlimited downloads at Membership Level #0, that would create the behavior you’ve described. I would suggest that you configure s2Member® so that Membership Level #0 allows ZERO downloads.

See also: Dashboard -› s2Member® -› PayPal® Options -› Automatic EOT Behavior

If you are seeing inconsistency in this behavior, please keep the following details in mind. An Amazon S3 link (once it is generated for an authenticated User/Member), will remain available for up to 24 hours. So regardless of Membership Level, if they were authenticated at some point in the last 24 hours by s2Member®, their access to files in your Amazon S3 Bucket will remain, for up to 24 hours.

Dashboard -› s2Member® -› Download Options -› Amazon® S3/CDN Storage

Dev Note w/Technical Details: s2Member uses “Digitally Signed URLs”, authenticated by the Amazon® S3 API. Documented for developers here. To put it simply, s2Member will generate Amazon® S3 URLs ( internally ); which allow Customers temporary access to specific files inside your S3 Bucket. s2Member’s Digitally Signed URLs leading to Amazon® S3, give a Customer 24 hours to connect to the file inside your S3 Bucket. This connection period of 24 hours is largely irrelevant when used in combination with s2Member, because access is renewed for another 24 hours each time you make a file available to a User/Member, and they are authenticated by your configuration of s2Member. This connection period of 24 hours is just a secondary line of defense to further prevent the possibility of link sharing. If you need to change this connection timeout of 24 hours for some reason ( not likely ), you can use this WordPress® Filter: ws_plugin__s2member_amazon_s3_file_expires_time.

Another wildcard here (which I’m not clear on yet), is the way your podcast is integrated with s2Member®. If your podcast feed itself, is NOT protected by s2Member®, only the audio files that it offers; then that’s fine. But please note that if your feed itself is not protected, the feed will remain available to anyone that can access it. If problems persist for you, please submit a Dashboard login and we’ll review your configuration. Also please submit a URL leading to your podcast feed so we can review that with you as well.

Please do that privately. See: s2Member® » Private Contact Form

Please let us know if problems persist :-)

Hello Jason,

We seem to have success now.

We’ve tested with the level zero set to none and never, rather than the previous “999999999 every 365 days.”

A level zero subscriber cannot subscribe to the podcast using iTunes. That works as it should.

When that level zero subscriber is upgraded to a level one or level two paying member, then they can subscribe to the iTunes podcast. So that also works as it should.

Finally, when that level one or level two member is downgraded to a level zero subscriber they can no longer receive the iTunes podcast. So now that seems to finally be working. We’ll be watching it and let you know.

How we’re set up:

1. Our member only podcast media files are kept in Amazon S3.

2. The Amazon S3 media links are added to posts which are secured by s2Member.

3. These posts are in a category that iTunes uses for the member only podcast (feed).

So – WOW! After months of stress we think we may have found the issue may be a simple setting – the level one access.

Thank you and we’ll keep this thread posted (if it’s still open).

Chris