Restrict Account Sharing

Many subscription sites limit how many concurrent sessions a user can have. This reduces the oversharing of accounts and access to premium content.

Note: These settings can only be used with the Zephr CDN.

You can limit user sessions in the following ways:

  • For Anonymous Users, you can use browser fingerprinting, which helps to avoid additional access for users who clear their cache to reset their session.

Browser fingerprinting is a method of data collection about a computer or device for identification purposes. It can be used for the following:

    • To identify anonymous users and devices, even if cookies are disabled
    • To check whether an end user is entitled to an anonymous user trial, such as free content views
      • If browser fingerprinting is used, Zephr can check whether a user has been granted a trial previously, and avoid granting it again.
      • If browser fingerprinting is not used, the end user can clear their cookies and start a new session by returning to your site. This would start a new trial and potentially provide further free access to content.

To enable browser fingerprinting, select the Use browser fingerprinting for anonymous users checkbox.

  • For Registered Users, you can limit account sharing and the number of active sessions allowed for an account.

A session is created every time an end user logs in to your site, and is specific to the browser and device used to log in. Sessions last for one year, unless the end user logs out.

For example, you could be reading a site using a browser on your desktop and also have an active session on your mobile device from a previous login. This would mean that you have two active sessions.

To control the number of concurrent user sessions at the global level, select the Set global session limit checkbox. Further fields display.

Enter the number of sessions to allow in the Set the default number of sessions for all users text box.

If an end user logs in using a different browser and device and this exceeds the defined limit, you can configure one of the following behaviours:

    • They are automatically logged out of the oldest session.

By default, the Delete oldest session radio button is selected from the When session limit exceeded options. This means that if a user exceeds the specified session limit, their oldest session is deleted.

For example, if the limit is set to two and the end user is reading a site using a browser on their desktop and also has an active session on their mobile device from a previous login, when they log in on their tablet, they are automatically logged out of the session on their mobile device. If they want to visit your site again on their mobile device, they must log in.

    • They cannot log in.

To prevent the user from logging in when they reach the defined limit, select the Prevent login over session limit checkbox.

For example, if the limit is set to two and the end user is reading a site using a browser on their desktop and also has an active session on their mobile device from a previous login, they cannot log in on their tablet. In this case, an error message displays. To log in on the tablet, the user must log out of one of the other active sessions.
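The two over-limit behaviours described above, modelled as an added example that is not Zephr's code or API: a minimal in-memory session store. The class and method names are hypothetical, and it assumes "oldest" means the session with the earliest login time.

```python
import secrets
from dataclasses import dataclass, field

SESSION_TTL = 365 * 24 * 3600  # sessions last one year unless the user logs out


class SessionLimitExceeded(Exception):
    """Raised when the prevent-login behaviour rejects a new login."""


@dataclass
class SessionStore:
    """Hypothetical model of a per-account concurrent session limit."""
    limit: int
    prevent_login: bool = False  # False = delete oldest session (the default)
    _sessions: dict = field(default_factory=dict)  # account -> list of sessions

    def _active(self, account, now):
        # Expired sessions must not count against the limit.
        live = [s for s in self._sessions.get(account, []) if s["expires"] > now]
        self._sessions[account] = live
        return live

    def login(self, account, device, now):
        """Create a session; return the devices logged out to make room."""
        live = self._active(account, now)
        evicted = []
        if len(live) >= self.limit:
            if self.prevent_login:
                raise SessionLimitExceeded(f"{account}: {len(live)} active sessions")
            live.sort(key=lambda s: s["created"])  # assumption: oldest = earliest login
            while len(live) >= self.limit:
                evicted.append(live.pop(0)["device"])
        live.append({"id": secrets.token_urlsafe(32), "device": device,
                     "created": now, "expires": now + SESSION_TTL})
        return evicted

    def logout(self, account, device, now):
        self._sessions[account] = [s for s in self._active(account, now) if s["device"] != device]

    def devices(self, account, now):
        return [s["device"] for s in self._active(account, now)]


if __name__ == "__main__":
    store = SessionStore(limit=2)  # constructed scenario: limit of two sessions
    for t, dev in enumerate(["mobile", "desktop", "tablet"]):
        print(dev, "-> logged out:", store.login("alice", dev, now=t))
    print("active:", store.devices("alice", now=3))
```

With the limit set to two, the tablet login evicts the mobile session under the default behaviour, and raises `SessionLimitExceeded` when `prevent_login=True` until one of the other sessions is logged out.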

If you don’t want to configure any other settings, select the Save button. Otherwise, continue to define the configuration, as described in the Single Sign-on topic.