latest stable versions: v150827 (changelog)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Using cookies for access restriction instread

Home Forums Community Forum Using cookies for access restriction instread

This topic contains 1 reply, has 2 voices. Last updated by  Bruce 3 years, 4 months ago.

Topic Author Topic
Posted: Tuesday Aug 13th, 2013 at 4:40 am #55632


we are using Dashboard -› s2Member® -› Restriction Options -› Unique IP Access Restrictions
, but it often has issues. So we changed the code to only notify us when user goes over hit IP limit and not block him.

Last time this happened it was caused probably by some botnet. There were a lot of IPs trying to login into user’s account (it was only a single POST request, didn’t looked like a real user coming to site to log in in access logs) and that blocked the account.

A lot of users use dynamic IPs, so if they travel with a single computer, they could use up the 30 IPs per month.

Is it possible to use Cookies instead? Something like – each browser where they log in would get a cookie and the cookie would get remembered on the site. And this would allow only few different browsers to log in during some shorter time.

We sometimes ask our users who break the 30 IPs/month rule if they are having any access issues to figure this out and they are only able to tell us that they used husband’s computer, then son’s computer with multiple browsers etc… So in general users do understand what a different browser is, but no what is a different IP address and their ISP might be changing their IP quite often.


List Of Topic Replies

Viewing 1 replies (of 1 total)
Author Replies
Author Replies
Posted: Thursday Aug 15th, 2013 at 2:15 am #55815
Username: Bruce
Staff Member

Thank you for your inquiry.

No, currently s2Member doesn’t have any way to restrict based on cookies. This could be considered an insecure way to handle this also, because cookies can be seen and copies or recreated on another browser. There would also be issues with Users that have their browser’s ability to accept new cookies turned off. Currently the most secure and reliable way of tracking logins is with IPs. We are keeping an eye out for the possibility of a better solution, though.

That said, we are taking this into consideration for the future. Thanks for your thoughts.

Viewing 1 replies (of 1 total)

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.