Passing around ID's to beat PHP user authentication
How does a site stop this? : People purchase access to a selected area of a site and then pass around the username and password to all their friends.
One cannot check the IP address of the users because the IP address changes regularly for dialup customers, right? Also, people might access the site from their desktop and then their laptop.
So what do sites like nba.com do? NBA.com has a "Inside Ticket" service. I would expect kids to pass around passwords to this constantly.
The only thing I can think of is to watch the IP Address and if a username is coming from all over the place, then ask the user to change the password.
Any other ideas?