Need a way to identify the same person that visits my webpage.

Nik has asked for the wisdom of the Perl Monks concerning the following question:

I need a way to identify the same person that visits my webpage.... Until now i used cookies and the code is the following.

if ( $ENV{HTTP_COOKIE} ) {
   $st = $db->prepare( 'SELECT * FROM logs' );
   $st->execute();

   while ( $row = $st->fetchrow_hashref ) {
      if ( cookie(host) eq $row->{host} ) {
         $db->do( "UPDATE logs SET visits=visits+1 WHERE host='$row->{
+host}'" ) or die $db->errstr;
      }
   }

   if ( not $st->rows() ) {
      $db->do( "INSERT INTO logs VALUES (NULL, '$host', '$xronos', 'in
+dex', 1)" ) or die $db->errstr;
   }
}
elsif ( !$ENV{HTTP_COOKIE} ) {
   $db->do( "INSERT INTO logs VALUES (NULL, '$host', '$xronos', 'index
+', 1)" ) or die $db->errstr;
}
[download]

Well this piece of code worked great until i realized that not all of the website visitors had their broswer ebabled to store cookies. Because of that my website inserted 10-20 records of the same person that vistied my website because when the page wanted to read the visitors cookie it could not do it because the cookie never actually stored to the visitors pc. So the code decided to insert this person ip at the log onece again and once again thinking that he was another visitor.

Is there a way to overcome these obstacle? Can it be done by mainting state information on server side ? I did try to do read about this butdid not quite understand if this is the thing to what i want to do.....

Please if it is possible, can you give me an example of how can this be done please? To see what exactly happened to my webpage now go to http://www.nikolas.tk and at the first text box thats ask for a neme in (greek) type showlog and then click the button (emfanisi olos ton apospson) to see that it has logged you. But if you vitid again the site in wont say 2 (unless you have cookies anabled bu instead i will insrt anothe line of you)

I hope i gave you to understand what the problem was. Please give me examples if it can overcome this obstacle in another way.... Thank you.

The Devil Is In The Details!

Comment on Need a way to identify the same person that visits my webpage. Download Code

Replies are listed 'Best First'.
Re: Need a way to identify the same person that visits my webpage. by blue_cowdawg (Monsignor) on Jul 18, 2004 at 12:46 UTC
Until now i used cookies and the code is the following. The problem with using cookies is they are stored or accepted at the suffrage of the end user. If a browser has cookies turned off then no cookie. If the user clears the cookies out of their browser, no cookie. (bad dog... no cookie) As borisz pointed out very well, the alternative is to set up some sort of authentication for the web page and logging login sessions. There are two probelems with logging IP addresses: NAT will mask the true IP address of a client. If they are coming from a major college campus or large business multiple people from the same institution are going to have the same IP address. How do you tell Sam from Sally in that case? Most folks have dynamic IP addresses. If they connect to their ISP today they might get a different IP address tomorrow. Even setting up authentication is not 100% fool proof OBTW. There is nothing preventing an authenticated user from posting the account credentials to a newsgroup or bulletin board and 100 people using that token. It happens (allegedly) with pr0n sites all the time. There are stronger ways of ensuring non-repudiation, but that IMHO is beyond the scope of this discussion and besides I haven't had my coffee yet and I'm too lazy to go into all of that right now. :-)	[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Need a way to identify the same person that visits my webpage. by borisz (Canon) on Jul 18, 2004 at 12:02 UTC
If cookies are not enough for you, force the user to login or login if no cookie is avail. Storing the ip of your visitor is wrong, the ip can change very often even from reqest to request. Boris	[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Need a way to identify the same person that visits my webpage. by knoebi (Friar) on Jul 19, 2004 at 07:38 UTC
of course ( ;-) ) you can do it and you can even use sessions! But it maybe a lot of work (depending on your site-design) and there are some drawbacks too. if you can't use cookies, you have to add the session id to every single link on your page (and to forms, as hidden parameter, if you use forms at all) and this may be some work, if you don't have a good framework where you can switch such stuff on/off, but it definitly works. the biggest drawback for the user is, that the links allways change, thats why if i were you i would offer both options, just check first if the user accept cookies and if he doesnt use the other option. ciao knoebi	[reply]