it seems to me that this is to much work for the output.  not only will
ISPs add complexity, but since you are combining thee seperate items you
confining people to a single location.  any laptop user may come in from
various ips and still be unique.  I tend to stay with the information you
described and mark them with a cookie to the corresponding unique row that
they are in the database where you have this information saved.  I used a
cookie value like the string you mentioned and it started to drag mysql
after heavy heavy use, trying to tie return visitors down on entry  so i
moved to keeping that info for compaison, and just storing the unique row
identifier for that user.  then you can try to nail down the exacts, after
the fact with the cookie and the ip info.  I think with this sort of a
solution you have nearly eveyone you can get except for internet cafes.

I'm not sure exactly what you're trying to do so pardon me if i went off on
a tangent.  And coming from a corportate environment.  where needs can
differ greatly.

                    Alan McFarlane                                                     
                    <mcfarlane_alan@ly       To:     [EMAIL PROTECTED]              
          >               cc:                                       
                                             Subject:     [PHP-DB] Re: Identifying 
                    01/18/2003 10:27                                                   

Ah, it seems that certain ISPs can make a client appear from differing
addresses (although the cookie - if set - would retain the same data).

This extends the problem...

Perhaps a lookup on md5(REMOTE_ADDR + CLIENT_IP + FORWARDED_FOR) on a
database, plus verification via the cookie?

Sheesh - it just keeps getting worse... :)

Alan McFarlane wrote:

> Having experimented with REMOTE_ADDR, HTTP_X_FORWARDER_FOR,
> HTTP_CLIENT_IP etc. I'm still unsure as to a foolproof method of
> identifying clients WITHOUT having them log in to a site.
> I can only assume that some combination of the above environment
> variables and judicious use of small cookies is as near as I can get to
> perfection, but I'm stumped if I can see how to do it.
> I am aware that whatever routine will only (roughly) identify a machine
> and not an actual human (can users be called human?), but that will have
> to do.
> As for sample code, I can only presume it would be something like:
> // Step 1 - get all interesting IP addresses...
> $ip1 = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
> $ip2 = isset($_SERVER['HPPT_CLIENT_IP']) ? $_SERVER['HPPT_CLIENT_IP'] :
> null;
> $ip3 = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
> // This may in fact be good enough...
> $ip_md5 = md5(serialize(array($ip1, $ip2, $ip3)));
> // Step 2 - get a cookie
> $cookie = isset($_COOKIE[$ip_md5]) ? $_COOKIE[$ip_md5] : null;
> if (is_null($cookie))
> {
>   // set the cookie with something - probably just the $ip_md5 value?
> }
> Any suggestions etc. most appreciated.

PHP Database Mailing List (
To unsubscribe, visit:

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to