Page 1 of 1

More Single Page Access Questions

PostPosted: May 13th, 2010, 2:21 am
by rjshuttleworth
Hi all,

To the authors - awesome plugin. Once live on our site we will be making a donation.

On single page access, I'd like to understand a little deeper how it works. The documentation says it uses IP and cookies to track access, but my testing seems to suggest this is not the case - i get no cookie created, and accessing the protected page from a different link simply throws me to the configured purchase page. i.e. only when I am returned from paypal does my URL contain the right key for access.

As I am testing in sandbox mode for paypal I do not see the sent emails, but I assume these are all good and contain the hashed link.

So questions for you:
1. How exactly does the access mechanism work?
2. If I want to build a custom subscriber admin page, can I access the hashed URLs used in email generation to build an index of the users subscribed pages?
3. A previous topic answer suggests there is stuff in the pipeline for single page access. Can you give an overview so we know what is coming (and therefore not to try and implement it ourselves?)

Many, many thanks.
Once again, awesome plugin
R

Re: More Single Page Access Questions

PostPosted: May 13th, 2010, 3:51 pm
by Jason Caldwell
rjshuttleworth wrote:The documentation says it uses IP and cookies to track access, but my testing seems to suggest this is not the case.

You're correct. The documentation is incorrect with respect to this feature. Actually, I left this in there, because the functionality is coming. However, at this point, the documentation is a little ahead of what actually happens. Thank you for correcting me. I did NOT leave it in there on purpose ;)

1. How exactly does the access mechanism work?

Access is granted by an encrypted link ( %%sp_access_url%% ) via email. This grants them access to a Single Page, and that is all. There are no cookies, or IP tracking being performed. The link itself contains encrypted access codes, along with two encrypted time-stamps that self-expire, based on the configuration of the Button Code that you generated for Single-Page Access in s2Member.

2. If I want to build a custom subscriber admin page, can I access the hashed URLs used in email generation to build an index of the users subscribed pages?

Yes, I would use s2Member -> API Notifications -> Single-Page Notification for this. s2Member will programmatically notify you, and send you the %%sp_access_url%% for each Customer. You'll want to build a PHP script that receives this information, and builds your index.

Another option might be the s2Member Filter "s2member_sp_access_link_gen". See: /s2member/functions/includes/sp-access.inc.php.

3. A previous topic answer suggests there is stuff in the pipeline for single page access. Can you give an overview so we know what is coming (and therefore not to try and implement it ourselves?)

I don't want to lock any changes in for sure, because we're still working on this. However, I can tell you that backward compatibility will be provided if at all possible.

Here are the current changes in the pipeline:

  • A new IP/Security module is being developed for s2Member. This module will make it possible for s2Member to log IP addresses associated with each Single-Page Access Link, and also for each Customer Username ( pertaining to Member Level Access ). This new module will not affect the formulation of Single-Page Access Links.

    The new IP/Security module, is going to monitor the IP addresses accessing each Single-Page Access Link, and allow the site owner ( you ) to configure the maximum unique IP's allowed for each Single-Page link, and/or for each Username that accesses the members area of your site.

    The goal here, is to give the site owner the ability to lock-down their site, and prevent link sharing and Username sharing in the public. s2Member is already very secure, but this will be an additional layer of security, specifically designed to prevent Single-Page Link sharing, and Username sharing.

  • For Single-Page Access, we are planning to implement cookie tracking, which will allow a Customer to land on the Single-Page, and once they've successfully gained access, cookies will be set, so that subsequent visits to that Page, will be granted without the need to click on the special Single-Page Access Link again.

    In other words, they'll be able to navigate your site, and come back to the protected Single-Page, with access being possible. Currently, this is a bit tricky, because the only way they can gain access, is by using the hashed link ( %%sp_access_url%% ), and once they click away from the Page, if they return, access is denied.

Thanks again. I'll have the documentation updated in the next release.