i'm sure this is not a novel need, but i have failed to find or come up with just yet any (non-cookie) solution yet. i'm trying dearly to avoid cookies, but if that's the best or only way to do this, feel free to speak up. i'd love to hear from someone who has already tackled the problem of stopping concurrent web logins to a protected web space.
realizing that ultimately people can share their username/password to a for-fee protected web site, we would at *least* like to avoid the possibility that two people could both be logged in at the same time from two different computers. the use of IP address doesn't seem adequate since many users come through a router/proxy running NAT. any pointers?