It has been known that it’s not feasible to prevent users from sharing the same account. See this stackoverflow topic. One way to circumvent this is by forcing users to login by cellphone. But this is not convenient.
My approach is to deny users by referrer using .htaccess file. So that users can only access the page by Paypal’s auto return. The server deny direct access by denying empty referrer.
However, users can still keep the session active so that they can keep accessing to the content without paying again. Although it’s possible to change content’s url regularly. I am not sure this is the best approach to monetize content?
Specifically, what’s the best alternative aside from change url regularly?
How to restrict access by time horizon with .htaccess?