Having experimented with REMOTE_ADDR, HTTP_X_FORWARDER_FOR, HTTP_CLIENT_IP etc. I'm still unsure as to a foolproof method of identifying clients WITHOUT having them log in to a site.

I can only assume that some combination of the above environment variables and judicious use of small cookies is as near as I can get to perfection, but I'm stumped if I can see how to do it.

I am aware that whatever routine will only (roughly) identify a machine and not an actual human (can users be called human?), but that will have to do.

As for sample code, I can only presume it would be something like:

// Step 1 - get all interesting IP addresses...
$ip1 = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
$ip2 = isset($_SERVER['HPPT_CLIENT_IP']) ? $_SERVER['HPPT_CLIENT_IP'] : null;

// This may in fact be good enough...
$ip_md5 = md5(serialize(array($ip1, $ip2, $ip3)));

// Step 2 - get a cookie
$cookie = isset($_COOKIE[$ip_md5]) ? $_COOKIE[$ip_md5] : null;

if (is_null($cookie))
// set the cookie with something - probably just the $ip_md5 value?

Any suggestions etc. most appreciated.

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to