iTunes Authenticates Free Members!!

We allow paying members (Levels 1 and 2) to have access to iTunes.

All non-paying, Level 0 users cannot access iTunes.

But, sometimes we’re discovering that when a Level 1 or 2 downgrades or cancels to Level 0 — then they can still access iTunes — fully authenticated.

Our Automatic EOT Behavior is set Enabled (yes) and Demote (convert to free subscriber).

We’re trying to understand where this is happening.

Some of the users were manually added to the user records as paying members so they do not have a Subscriber ID nor a Transaction ID (at least inside of s2Member).

Related question: Can we add a Paid Subscr. ID inside a manually added user record if we can get related info from PayPal for that subscriber?

Hello,

It sounds like this is what you might be running into (quoted from Dashboard -› s2Member® -› PayPal® Options -› Automatic EOT Behavior):

*Some Hairy Details* There might be times whenever you notice that a Member’s Subscription has been cancelled through PayPal®… but, s2Member continues allowing the User access to your site as a paid Member. Please don’t be confused by this… in 99.9% of these cases, the reason for this is legitimate. s2Member will only remove the User’s Membership privileges when an EOT ( End Of Term ) is processed, a refund occurs, a chargeback occurs, or when a cancellation occurs – which would later result in a delayed Auto-EOT by s2Member.

s2Member will not process an EOT until the User has completely used up the time they paid for. In other words, if a User signs up for a monthly Subscription on Jan 1st, and then cancels their Subscription on Jan 15th; technically, they should still be allowed to access the site for another 15 days, and then on Feb 1st, the time they paid for has completely elapsed. At that time, s2Member will remove their Membership privileges; by either demoting them to a Free Subscriber, or deleting their account from the system ( based on your configuration ). s2Member also calculates one extra day ( 24 hours ) into its equation, just to make sure access is not removed sooner than a Customer might expect.

Regarding manually updating the Subscriber ID for users who were manually added: YES, you can do that. When a member cancels their subscription (or a payment fails repeatedly), PayPal will send s2Member an IPN message that includes the Subscription ID. If s2Member can find a matching Subscription ID associated with an existing member, then it will handle that account as per your settings in Dashboard -› s2Member® -› PayPal® Options -› Automatic EOT Behavior.

Thank you.

We thought something like that was happening with the Automatic EOT behavior.

It’s challenging to resolve and manage issues with several pieces in the system:

• WordPress framework and user records [vast support info available],
• s2Member member management, security and authentication [vast support info available],
• AmazonS3 for CDN [support available if you’re Jeff Bezos],
• and iTunes for media (podcast) display [support available if you’re Jobs or Woz]…

Thank you for the info about manually adding Subscription ID.

Seeking refined answers…

1. Does 2Member remove authentication for iTunes when a member is downgraded or cancelled?

2. When does s2Member remove authentication for iTunes when a member is downgraded or cancelled?

– a. At the EOT date

– b. After the EOT date

3. Does s2Member do the above for manually added member records (i.e. those without Subscriber ID)?

4. How can we remove authentication for members who have access but should not?

1. Does 2Member remove authentication for iTunes when a member is downgraded or cancelled?

If the restriction is through levels, yes. If you’re generating the link to the file with a download key, then level doesn’t matter, unless you check level before adding the download key to the URL.

2. When does s2Member remove authentication for iTunes when a member is downgraded or cancelled?

When level is demoted, as long as download access depends on the user’s level, as explained above.

3. Does s2Member do the above for manually added member records (i.e. those without Subscriber ID)?

Yes, EOT behavior is applied to manually added members as long as you included an EOT time.

4. How can we remove authentication for members who have access but should not?

Changing their role to Level 0.

Again, all these level related questions depend on you not adding to the URL a download key without checking the level.

I hope that helps. :)

Thank you Christian,

We don’t use the link to files method. Our users go to iTunes, subscribe and iTunes asks for their authentication.

RE: Question 4, and answer (where role change to Level 0 should remove authentication):

We tested this on a manually added Level 1 user.

1. Demoted them to Level 0,
2. Logged out of everything (in case of any caching issues),
3. Unsubscribed to the iTunes podcast,
4. Then resubscribed to the iTunes podcast and it started downloading content without asking for authentication.

Why did the Level 0 user still have access to the authentication only podcast?

We don’t use the link to files method. Our users go to iTunes, subscribe and iTunes asks for their authentication.

What method do you use then? Where is the URL they’re using to subscribe in iTunes?

Also, are you running any caching plugins? Or is your server doing any caching that you know of? That might cause a previously authenticated session to be cached.