Tracing it’s roots to the inception of the service back in 2008 is an extremely interesting bug in the iRacing Web Browser, allowing a single account to participate in as many sessions as you have spare bodies lying around. As of last night, myself and several other PRC.net related individuals were able to confirm that the exploit is indeed alive and well in 2016. Replicating the exploit is extremely simple, as there are no programs or third party plug-ins required to execute something that can be easily coordinated on a Teamspeak server.
While an iRacing member is currently participating in a race session, another user can log onto his account and receive a vastly different array of buttons at the top of the Member’s Control Panel. As the iRacing simulation is not participating in a session on the secondary user’s computer, the options to both Join and Withdraw from the session are presented. Clicking Withdraw allows the second user to freely navigate the website with the primary user’s account and register for a different racing session, but does not physically boot the primary account user from the session they are currently participating in.
The secondary user is now free to sign up for another event and join a race in another session under the credentials of an account already participating in an unrelated session. Provided you have enough people bored out of their minds on Teamspeak, a third, fourth, and even fifth person can continue the cycle by logging into the primary account, withdrawing, and entering a new session.
What does this exploit open the door for? Primarily, you’re looking at a scenario where guys can team up and boost each other’s iRatings or Safety Ratings by participating in multiple sessions under the same credentials simultaneously. With some of the premium invitational series on iRacing.com requiring a certain Safety Rating or iRating level in order to enter, a last ditch push can be made by team members coordinating to help the driver of their choice.