Skip to main content

Restrict Account Sharing

Zuora

Restrict Account Sharing

Many sites offering subscriptions to their customers do so with a limitation on the number of sessions a User may have at one time. This reduces oversharing of accounts and access to premium content.

With this in mind, Zephr created two features – one looking at Registered Users, and one looking at Anonymous Users.

For Registered Users, Zephr offers a configurable setting to limit account sharing and the number of active sessions an account can have at one time.

For Anonymous Users, Zephr allows you to use browser fingerprinting, helping to avoid additional grants to content for users who clear their cache to reset their session.

Restrict Concurrent User Sessions

In Zephr, a session is created each time you log in to your website and is specific to the browser and device you use for that login. Zephr Sessions last for one year, unless you actively logout. So, for example, while you may currently be reading your site in Chrome on your desktop, you may also have an active session on your mobile device, from logging in a few weeks ago. In this case, you would have two active Zephr sessions. Restricting Concurrent User Sessions allows you to limit the number of sessions available per user.

To limit the number of active sessions a User on your site can have, navigate to Settings > Identity Management within your Zephr Admin Console, then scroll to Restrict Account Sharing.

Tick the Restrict Concurrent User Sessions box. Once ticked, a number field will appear. Enter the maximum number of concurrent sessions per User here, then click Save.

Once saved, a User who is breaching this limit will have their oldest session removed when creating a new session via Zephr. For example, with a concurrent session limit of three (3), if a User logged in to your site on Desktop in October, Mobile in November, and Tablet in December, then tried to log in via a different Desktop in January, their original Desktop session from October would end. When returning to your site on that computer and browser, they would need to login again.

Browser Fingerprinting for Anonymous Users

Browser fingerprinting is information collected about a computer or device for the purpose of identification. It can be used to partially identify anonymous users and devices, even when cookies are turned off.

Within Zephr, Browser Fingerprinting can be used when checking to see whether a User is entitled to a grant – such as a meter of three free views of Article content for Anonymous Users.

Without browser fingerprinting, an Anonymous User has the ability to clear their cookies, and receive a new Zephr session when returning to your site. Doing so would result in a new grant, such as a new meter, if anonymous grants are in use. When browser fingerprinting is turned on, Zephr is able to establish that the User has received the Meter before, and avoid granting it for a second time.

To enable browser fingerprinting for Anonymous Users, navigate to Settings > Identity Management within your Zephr Admin Console, then scroll to Restrict Account Sharing.

Tick the Use Browser Fingerprinting for Anonymous Users box, then click Save.