Zephr User Guide

Restrict Account Sharing

0 views 0

Many sites offering subscriptions do so with a limitation on the number of sessions a user may have at one time. This reduces the oversharing of accounts and access to premium content.

With this in mind, Zephr created two features – one looking at Registered Users, and one looking at Anonymous Users.

For Registered Users, Zephr offers a configurable setting to limit account sharing and the number of active sessions an account can have at one time.

For Anonymous Users, Zephr allows browser fingerprinting, helping to avoid additional access for users who clear their cache to reset their session.

Restrict Concurrent User Sessions

In Zephr, a session is created each time you log in to your website and is specific to the browser and device you use for that login. Zephr Sessions last for one year, unless you actively logout. So, for example, while you may currently be reading your site in Chrome on your desktop, you may also have an active session on your mobile device, from logging in a few weeks ago. In this case, you would have two active Zephr sessions. Restricting Concurrent User Sessions allows you to limit the number of sessions available per user.

To limit the number of active sessions a user on your site can have, navigate to the Identity Module within your Zephr Admin Console, click Settings, then scroll to Restrict Account Sharing.

Tick the Restrict Concurrent User Sessions box. Once ticked, a number field will appear. Enter the maximum number of concurrent sessions per user here, then click Save.

Restricting concurrent user sessions to 3

Once saved, a user who is breaching this limit will have their oldest session removed when creating a new session. For example, with a concurrent session limit of three (3), if a user logged in to your site on Desktop in October, Mobile in November, and Tablet in December, then tried to log in via a different Desktop in January, their original Desktop session from October would end. When returning to your site on that computer and browser, they would need to log in again.

Alternatively, you can choose to restrict users from logging in to a new session. To do this, select the “Prevent login over concurrent sessions limit” checkbox, and click Save.

Tick box to prevent user login when concurrent session limit is hit

When selected, users will be unable to login to an additional session and will see an error message when trying to do so. They will need to log out of a previous session in order to log in again.

Browser Fingerprinting for Anonymous Users

Browser fingerprinting is information collected about a computer or device for the purpose of identification. It can be used to partially identify anonymous users and devices, even when cookies are turned off.

Within Zephr, Browser Fingerprinting can be used when checking to see whether a user is entitled to an anonymous user trial – such free views of content per day.

Without browser fingerprinting, an Anonymous User has the ability to clear their cookies and receive a new Zephr session when returning to your site. Doing so would result in a new trial beginning, and more access to content becoming available. When browser fingerprinting is turned on, Zephr is able to establish that the user has received the trial before, and avoid granting it for a second time.

To enable browser fingerprinting for Anonymous Users, navigate to the Identity Module within your Zephr Admin Console, click Settings, then scroll to Restrict Account Sharing.

Tick the Use Browser Fingerprinting for Anonymous Users box, then click Save.

Allow browser fingerprinting checkbox