Skip to main content

Restrict Account Sharing

Zuora

Restrict Account Sharing

Many sites offering subscriptions do so with a limitation on how many concurrent sessions a user can have. This reduces the oversharing of accounts and access to premium content.

Note: These settings can only be used with the Zephr CDN.

You can limit user sessions in the following ways:

  • For Registered Users, you can limit account sharing and the number of active sessions allowed for an account.

A session is created every time an end user logs in to your site, and is specific to the browser and device used to log in. Sessions last for one year, unless the end user logs out.

For example, you could be reading a site using a browser on your desktop and also have an active session on your mobile device from a previous login. This would mean that you have two active sessions.

To control the number of concurrent user sessions at the global level, select the Set global session limit checkbox. Further fields display, as illustrated below:

restrict_account_sharing_jan16-768x448.png

Enter the number of sessions to allow in the Set the default number of sessions for all users text box.

If an end user logs in using a different browser and device, which exceeds the defined limit, you can configure the following behaviour:

  • They are automatically logged out of the oldest session.

By default, the Delete oldest session radio button is selected from the When session limit exceeded options. This means that if a user exceeds the specified session limit, their oldest session is deleted.

For example, if the limit is set to two and the end user is reading a site using a browser on their desktop and also has an active session on their mobile device from a previous login, when they log in on their tablet, they are automatically logged out of the session on their mobile device. If they want to visit your site again on their mobile device, they must log in.

  • They cannot log in.

To prevent the user from logging in when they reach the defined limit, select the Prevent login over session limit checkbox.

For example, if the limit is set to two and the end user is reading a site using a browser on their desktop and also has an active session on their mobile device from a previous login, they cannot log in on their tablet. In this case, an error message displays. To log in on the tablet, the user must log out of one of the other active sessions.

If you don’t want to configure any other settings, select the Save button. Otherwise, continue to define the configuration, as described in the Single Sign-on topic.