So ...
Before anything else, you need to understand how WordPress handles user sessions ...
As you may already know, WordPress uses cookies to identify a logged-in user.
But these cookies won't contain your password. They are carrying your username and a special key as a proof that you knew the password.
And if you check the well-known "Remember Me" button (as we all do), then anyone from that computer can log in to your site because WordPress allows the same username to be logged in from two different locations!
In plain English: users can easily share their password with their colleagues, friends, etc, and use the same login information in order to access your premium or paid content.
This is why you need to find a method that will allow you to prevent users from staying logged into the same account from multiple places.
Now let's see the solution ...