By sessions i assume you mean cookies (session information can be stored in other places such as a mysql database). If you do store the information in a cookie, your visitors can easily delete the cooky and get past your protection mechanism.
Having said that opting for a mysql table that stores IP information isn't good enough either. Most dialup and ADSL users have dynamic IPs. So they may also get past your restrictions.
Your best best would be to have a password protected website and limit the number of searchs per user based on userid.
all the best.
Brian Dunning wrote:
I have an application where I want users to only be allowed 5 searches per day unless they create an account.
There may not be a simple answer to this, but in general, would it be preferred to do this with 24-hour session variables, or by writing a MySQL record for each visitor with the date and their IP address and tracking their usage count?
Thanks in advance for any thoughts.
- Brian
-- Raditha Dissanayake. ------------------------------------------------------------------------ http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 150 KB | with progress bar.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
