Until now i used cookies and the code is the following.

The problem with using cookies is they are stored or accepted at the suffrage of the end user. If a browser has cookies turned off then no cookie. If the user clears the cookies out of their browser, no cookie. (bad dog... no cookie)

As borisz pointed out very well, the alternative is to set up some sort of authentication for the web page and logging login sessions.

There are two probelems with logging IP addresses:

1. NAT will mask the true IP address of a client. If they are coming from a major college campus or large business multiple people from the same institution are going to have the same IP address. How do you tell Sam from Sally in that case?
2. Most folks have dynamic IP addresses. If they connect to their ISP today they might get a different IP address tomorrow.

Even setting up authentication is not 100% fool proof OBTW. There is nothing preventing an authenticated user from posting the account credentials to a newsgroup or bulletin board and 100 people using that token. It happens (allegedly) with pr0n sites all the time.

There are stronger ways of ensuring non-repudiation, but that IMHO is beyond the scope of this discussion and besides I haven't had my coffee yet and I'm too lazy to go into all of that right now. :-)