Re: [PHP] Sessions vs. MySQL records?
On Tue, 2004-02-03 at 11:05, Brian Dunning wrote: > I have an application where I want users to only be allowed 5 searches > per day unless they create an account. > > There may not be a simple answer to this, but in general, would it be > preferred to do this with 24-hour session variables, or by writing a > MySQL record for each visitor with the date and their IP address and > tracking their usage count? This is one of those tricky problems with web applications. If you rely on sessions then they can just delete the cookie and start over. If you use IP address than people can either disconnect and reconnect. Or even worse if someone gets an IP from their isp someone else already used on your site then they won't be able to do even one search. Lastly, If you have them create a 'basic' account so you can track it they can just create as many accounts as they want. Armed with that knowledge I would suggest the following: First of all, forget IP addresses. They are not reliable enough to assume that multiple requests from the same IP are the same person, especially if you are targeting business customers. Using a non-authenticated session is an easy way to solve your problem, however it will be *dead* simple to get around - switch browsers or delete your cookies. If your searches are relevant to each other (the second search uses session information from the first search, etc.) then this may be more useful since the only way around this is to destroy the session, effectively starting over. Lastly, using basic user accounts (just a username, password, and e-mail) would be your best solution. Granted someone can create 50 yahoo accounts and sign up 50 times. However, the cost to them of creating those accounts, maintaining 50 accounts on your site, and having to log-out and back in every 5 searches may be enough to convince them to pay you instead. Good Luck, Adam P.S. Should you find a 'magic' bullet to the web authentication problem please let all of us know! -- Adam Bregenzer [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions vs. MySQL records?
Hi, By sessions i assume you mean cookies (session information can be stored in other places such as a mysql database). If you do store the information in a cookie, your visitors can easily delete the cooky and get past your protection mechanism. Having said that opting for a mysql table that stores IP information isn't good enough either. Most dialup and ADSL users have dynamic IPs. So they may also get past your restrictions. Your best best would be to have a password protected website and limit the number of searchs per user based on userid. all the best. Brian Dunning wrote: I have an application where I want users to only be allowed 5 searches per day unless they create an account. There may not be a simple answer to this, but in general, would it be preferred to do this with 24-hour session variables, or by writing a MySQL record for each visitor with the date and their IP address and tracking their usage count? Thanks in advance for any thoughts. - Brian -- Raditha Dissanayake. http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 150 KB | with progress bar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions vs. MySQL records?
On Wednesday 04 February 2004 00:05, Brian Dunning wrote: > I have an application where I want users to only be allowed 5 searches > per day unless they create an account. Unless you require that a user logs in before they can perform a search then there is no meaningful way to track how many searches they have performed. > There may not be a simple answer to this, but in general, would it be > preferred to do this with 24-hour session variables, or by writing a > MySQL record for each visitor with the date and their IP address and > tracking their usage count? Never use an IP address as a unique identifier unless you're in a closed network environment under your control. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Good news. Ten weeks from Friday will be a pretty good day. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions vs. MySQL records?
I have an application where I want users to only be allowed 5 searches per day unless they create an account. There may not be a simple answer to this, but in general, would it be preferred to do this with 24-hour session variables, or by writing a MySQL record for each visitor with the date and their IP address and tracking their usage count? Thanks in advance for any thoughts. - Brian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php