On Tue, 2004-02-03 at 11:05, Brian Dunning wrote:
> I have an application where I want users to only be allowed 5 searches 
> per day unless they create an account.
> 
> There may not be a simple answer to this, but in general, would it be 
> preferred to do this with 24-hour session variables, or by writing a 
> MySQL record for each visitor with the date and their IP address and 
> tracking their usage count?

This is one of those tricky problems with web applications.  If you rely
on sessions then they can just delete the cookie and start over.  If you
use IP addresses then people can either disconnect and reconnect or,
even worse, if someone gets an IP from their ISP that someone else
already used on your site, then they won't be able to do even one
search.  Lastly, if you have them create a 'basic' account so you can
track it, they can just create as many accounts as they want.

Armed with that knowledge I would suggest the following:
First of all, forget IP addresses.  They are not reliable enough to
assume that multiple requests from the same IP are the same person,
especially if you are targeting business customers.  Using a
non-authenticated session is an easy way to solve your problem, however
it will be *dead* simple to get around - switch browsers or delete your
cookies.  If your searches are relevant to each other (the second search
uses session information from the first search, etc.) then this may be
more useful since the only way around this is to destroy the session,
effectively starting over.  Lastly, using basic user accounts (just a
username, password, and e-mail) would be your best solution.  Granted,
someone can create 50 Yahoo accounts and sign up 50 times.  However, the
cost to them of creating those accounts, maintaining 50 accounts on your
site, and having to log out and back in every 5 searches may be enough
to convince them to pay you instead.

Good Luck,
Adam

P.S.  Should you find a 'magic' bullet to the web authentication problem
please let all of us know!

-- 
Adam Bregenzer
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
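
The account-based limit recommended in the reply above can be enforced with one counter row per account per day. The following is an added example, not code from the thread: the table and column names, the user id 42 (standing in for an id taken from an authenticated session) and the in-memory SQLite database used to keep it self-contained are all assumptions; the same statements work on MySQL.

```php
<?php
declare(strict_types=1);

const DAILY_LIMIT = 5; // free searches per account per day, as in the thread

// Assumed schema (hypothetical names): one counter row per account per day.
function createQuotaTable(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS search_quota (
        user_id INTEGER NOT NULL,
        day     CHAR(10) NOT NULL,
        used    INTEGER NOT NULL,
        PRIMARY KEY (user_id, day)
    )');
}

// Returns true and consumes one search if the account is under its limit.
function consumeSearch(PDO $db, int $userId, string $day): bool
{
    // The limit check and the increment are a single statement, so two
    // parallel requests cannot both pass the check and overshoot the limit.
    $bump = $db->prepare('UPDATE search_quota SET used = used + 1
                          WHERE user_id = ? AND day = ? AND used < ?');
    $bump->execute([$userId, $day, DAILY_LIMIT]);
    if ($bump->rowCount() === 1) {
        return true;
    }
    try {
        // Nothing updated: either the first search today or the limit is hit.
        $db->prepare('INSERT INTO search_quota (user_id, day, used) VALUES (?, ?, 1)')
           ->execute([$userId, $day]);
        return true;
    } catch (PDOException $e) {
        if ($e->getCode() !== '23000') {
            throw $e; // not a duplicate-key error, so a real failure
        }
        // Row exists: a parallel request created it, or the limit is reached.
        $bump->execute([$userId, $day, DAILY_LIMIT]);
        return $bump->rowCount() === 1;
    }
}

// Constructed demo data: in-memory SQLite and a made-up account id.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createQuotaTable($db);
$today = gmdate('Y-m-d');
for ($i = 1; $i <= 7; $i++) {
    printf("search %d: %s\n", $i, consumeSearch($db, 42, $today) ? 'allowed' : 'blocked');
}
```

Keying the counter on the account id rather than a session id or IP address means clearing cookies or reconnecting does not reset it; the remaining bypass is the multiple-account signup the reply already describes.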
