Can a website "secretely "identify me by other ways than just IP? [closed]

How can website that limits downloads per IP "ignore" that IP is changed by VPN?

I really am not keen to overcome a such limitation, but I'm just curious how (or if) the website may act as if it knows it's the same person/machine behind the different IP's, while at the same time acknowledging the new IP.

There is a limit of 5 articles that can be downloaded freely from this website per day. When that limit is reached there is a message like: "5 items already downloaded from IP etc" and the real IP is listed.

At this point I open a private session in Firefox (after having closed the normal one), change the IP there with an addon like CyberGhost VPN Free Proxy, and then I can verify that my IP and location are changed with an addon like IP Address and Geolocation. Even Google responds, as it switches language accordingly.

Trying to download from that site, the same message is shown: "5 items already downloaded from IP ..." and the new IP is listed. Changing again the IP, the message stays the same, only the IP changes.

The website seems to be reporting falsely that the new IP was already used in order to truly stop the same person overcome that limit.

What is happening here, or rather: what can be happening here?

The website is identifying you by other means than just the IP address.

It may be as simple as a cookie that identifies you, but can be very many other methods. In general the term you search is called Device fingerprint.

Cookies are very easy to delete and IP addresses are also easy to change using a VPN or proxy. The website could be using any of the parameters described in the post Unique Browser / User ID?