Ok, I will try to sum what I said before, and clear up what I can imagine.
* I live in the post-USSR country, where internet providers are keeping speed down, connections are expensive and extras like real IP are accessible only at additional fee AND ONLY if you know that they should offer such service and ask expicitly for it.
* I am trying to protect the content, not the website as it is.
* I need some PC's that would allow any one who uses this and only this PC to access content for free, yet those PC's are not kiosks or something, just regular PCs behind nats and proxies.
* The website coverage is countrywide, so no localizied approaches are applicible

So it seems for me that it all comes down how to uniquely identify PC at logon. And I mean PC, because cookies are not any good as IE/FF/Opera, each can have a cookie, and if all browsers are open and logged in on my site, they are still valid if they use same PC.

Quote:Original post by Anonymous Poster

Quote:Original post by _Madman_
Ok, I will try to sum what I said before, and clear up what I can imagine.
* I live in the post-USSR country, where internet providers are keeping speed down, connections are expensive and extras like real IP are accessible only at additional fee AND ONLY if you know that they should offer such service and ask expicitly for it.
* I am trying to protect the content, not the website as it is.
* I need some PC's that would allow any one who uses this and only this PC to access content for free, yet those PC's are not kiosks or something, just regular PCs behind nats and proxies.
* The website coverage is countrywide, so no localizied approaches are applicible

So it seems for me that it all comes down how to uniquely identify PC at logon. And I mean PC, because cookies are not any good as IE/FF/Opera, each can have a cookie, and if all browsers are open and logged in on my site, they are still valid if they use same PC.

So you want people to authenticate themselves without actually authenticating themselves? Good luck with that.

You misunderstood the idea about the session cookie, by the way. Randomly generate a new cookie for each login, the cookie will be unique to that user for that session. If someone else logs in from another computer again, he will get another, different random cookie, and the first logged in user you can log out at the server then.

Basically I want the PC to do the logging for some PCs and users for the rest.

The idea about cookies is nice, although it has some problems with multiple browsers opened at the same time and if someone steals password and uses it on another computer. In that case legit and unlegit user will be kicked out in turns, but thats probably their fault... :)

Thank You for the suggestion, I'll try to test it out.

Well, it seems like no matter what, they'll need to authenticate at least the first time they access your content. Why not offer a username/password for registration, and then create a profile that contains data like OS, hostname, domain or workgroup ID, CPU, HD serial number or model number. Allow a few of the pieces of data to change over time so you don't screw over the guy who upgrades his box. If the profile changes completely, then you should allow that too, but lock out the original configuration. That will punish the guy who shares his login, but not stop someone who upgrades too much.