I am trying to figure out a way to stop account sharing on a site that requires a login. To solve this I would want to base it on an individuals machine or ip. I know I could base this on a cookies, which could possible be deleted or an ip which could possibly be dynamic. Is there something that I am not thinking of? As of now I am thinking I would have to base it on a cookie that can only be rewritten so often with an ip.
Is this the only way to handle it or can someone point me in the right direction.
I would spend time looking into a system detecting account sharing instead of preventing. Not only do you not harm your average user logging in on a few locations, but it's also less time consuming and let's you be able to take more accurate action.
You can use your login / visit log for detection. More then one login in 5 minutes with distinct ip(s), the ip(s) used to login are from broad ISP's etc. etc.