cookie related accounts

**hsriat** · Aug 5 '10, 05:00 PM

You can set cookies, but it will work as long as the user doesn't delete them or send a request from a different browser next time.

IP address doesn't remain the same always and also there can be more than one machines working behind one IP address (in case machines are behind a router). But you can maintain a list of blacklisted IP addresses from where you see request coming multiple times.

**Zahir86** · Aug 5 '10, 05:53 PM

That is not what i want

My question was how to relate two user's ?
In sense of cookie, ip ?
For the thing cookie i am bit confused how to do ?
That is why i am asking for suggestions.

**TheServant** · Aug 5 '10, 07:57 PM

What you are trying to do is near impossible. As mentioned, some people have dynamic IP addresses, so while it may look like one user several accounts, it's actually just lots of people with over lapping dynamic IP ranges.

Cookies are easily bypassed, but work in a similar way to a session:

Code:

$_COOKIE['user_id'] = 12;

And then you can check it:

Code:

if ($_COOKIE['user_id']!=12) {...}

What does your site do/provide where users may want to have more than one account? A game?

**Zahir86** · Aug 6 '10, 04:11 AM

Ok, here is the situation, i offer only one free account and it is quite possible that a fraud person can exploit our system and can create more than one account ? How can i catch him up?

**TheServant** · Aug 6 '10, 05:15 AM

What does your software/service do? Is it a game or business or what?

**Zahir86** · Aug 6 '10, 08:41 AM

We have a gaming portal, we offer free membership only for one user for 30 days and after that have to go for paid one. Suggestion required for implementing the stuff. Even how to catch the network Cookie, IP etc. As we will manually reveiw the stuff.

**iohos** · Aug 7 '10, 09:34 AM

make it mandatory for all your users to register their credit cards before they begin the trial bersion of your portal. It will discourage the "fraudsters ". If they like the trial version, they can go ahead and purchase it or walk away if they don't. Apple does it with their software products.

**Zahir86** · Aug 7 '10, 09:48 AM

I have done that, still we receive fraud credit card transactions so we use maxmind for that! But still i am finding a strong solution for my problem. And credit card is also of no -use if you have four credit cards, then you can register four different account, Which i do not want on my site to happen. As far as Jyoti Ballabh told me to do i am quite confused to understand the logic.

**iohos** · Aug 7 '10, 10:05 AM

What's the harm if someone having four credit cards registers with all of them using different usernames? You are running a gaming portal and revenue generation is your foremost aim like any business. Don't worry about what JB said, the whole concept of security token was new to me as well but I think you apply that when you expect a huge turn out or traffic for your site.

**Zahir86** · Aug 7 '10, 11:53 AM

iohos, I agree with you, here i my brief problem: If i would pose Credit card for registration i would loose conversion rates, cos not everyone would like to post a credit card at the very begining! Esp when website is not so popular one. I just need each member should have only one account! Not more than one ! Now how to achieve that !

**iohos** · Aug 7 '10, 05:49 PM

Why don't you post the url of your portal? It'll give us all a better understanding of what you are looking for. If you are afraid that asking for the credit card info may diminish your conversion rate then don't give into the phobia of single user- multiple usernames strategy. It's the risk you will have to take. Besides, if your gaming portal or game is so addictive to entice an individual to such fraudulent means, then I am sure it would have the mettle to fetch in many genuine users as well who actually purchase it. I find it weird when despite being a start-up in this field you insist on maintaining this strict policy. Why don't you just put up a counter for your site which keeps a track of the traffic the site creates and displays the number every time someone logs in. This will give a newcomer to the site a fair idea about how popular the site is and this is like a positive reinforcement reaction.

**Zahir86** · Aug 8 '10, 03:26 AM

Why don't you post the url of your portal?

iohos's : As far as i understand you mean to say that i should make my users know that i am tightening the security by posting the URL here.
The suggestions gave by you are not as what i wanted for ?

Thanks.

**Zahir86** · Aug 8 '10, 04:28 AM

Okay, as far as i am not clear on my question!
So here is a one line query : How to trace users with multiple accounts ? Already done with googling! Any ideas ?

**Atli** · Aug 8 '10, 06:55 AM

The bottom line is, you can not reliably prevent users from registering multiple times. You can try to make it difficult by logging IPs, using tokens or credit card info, but none of that will hold up if users really want to bypass it. There just isn't enough information available to make it practical. (Not enough "solid" information, anyways.)

This is why many services that offer both free and payed accounts limit the feature set of the free accounts, rather than offer an unlimited account on a timer.

Your choices are basically: try to prevent multiple registrations with the ideas that have already been posted here, and accept that you won't be able to prevent all of them; or try something different, like what I posted above.

cookie related accounts

cookie related accounts

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment