Using cookies for access restriction instread

Hello,

we are using Dashboard -› s2Member® -› Restriction Options -› Unique IP Access Restrictions
, but it often has issues. So we changed the code to only notify us when user goes over hit IP limit and not block him.

Last time this happened it was caused probably by some botnet. There were a lot of IPs trying to login into user’s account (it was only a single POST request, didn’t looked like a real user coming to site to log in in access logs) and that blocked the account.

A lot of users use dynamic IPs, so if they travel with a single computer, they could use up the 30 IPs per month.

Is it possible to use Cookies instead? Something like – each browser where they log in would get a cookie and the cookie would get remembered on the site. And this would allow only few different browsers to log in during some shorter time.

We sometimes ask our users who break the 30 IPs/month rule if they are having any access issues to figure this out and they are only able to tell us that they used husband’s computer, then son’s computer with multiple browsers etc… So in general users do understand what a different browser is, but no what is a different IP address and their ISP might be changing their IP quite often.

Thanks!
Martin

Thank you for your inquiry.

No, currently s2Member doesn’t have any way to restrict based on cookies. This could be considered an insecure way to handle this also, because cookies can be seen and copies or recreated on another browser. There would also be issues with Users that have their browser’s ability to accept new cookies turned off. Currently the most secure and reliable way of tracking logins is with IPs. We are keeping an eye out for the possibility of a better solution, though.

That said, we are taking this into consideration for the future. Thanks for your thoughts.