Hi

I've built a site that has subscription only areas (although subscription is not managed through the site currently).

It appears that by default with DNN, a single user account can be logged in using multiple browser sessions. This is a real problem as it potentially allows a single username to be shared amongst multiple users and hence not requiring them to pay for their own subscription.

I have found a fix of sorts here:

<!--[if gte mso 9]> Normal 0 unctuationKerning/> false false false oNotPromoteQF/> EN-GB X-NONE X-NONE ontGrowAutofit/> ontVertAlignCellWithSp/> ontBreakConstrainedForcedTables/> ontVertAlignInTxbx/> MicrosoftInternetExplorer4 <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 159 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman";} a:link, span.MsoHyperlink {mso-style-noshow:yes; mso-style-priority:99; color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {mso-style-noshow:yes; mso-style-priority:99; color:purple; mso-themecolor:followedhyperlink; text-decoration:underline; text-underline:single;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt;} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 72.0pt 72.0pt 72.0pt; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:0;} div.Section1 {page:Section1;} --> <!--[if gte mso 10]> http://www.eguanasolutions.com/DNN_...ID/37.aspx

However, this is still not sufficient as it still allows multiple logins from a single IP (as you would have in an office for instance).

Has anyone found a solution that would log out (or at least stop) a user if the same account attempted to log in more than once?

Many thanks

Hari

I posted a note about custom Authentication Providers for DotNetNuke in this thread. 

You could create a custom provider to try do do this.  You'd need to be able to figure out if the user trying to log in is already logged in.  This might be difficult since DotNetNuke doesn't know this.  That's how the web works. 

You could try to gain some information from the "Users Online" module.  It checks to see if someone has logged in the the last XX minutes.