Limiting site visitors access by sessions

ajna

I am trying to use sessions to track visiting users to my site...I want to limit them to the ability to only view, say 3 sample (dynamically created) pages of the site in a 24 hour period before being prompted to register. If they visit the next day they can view 3 sample pages again as a different session.

Now I suppose I could create a session with a variable that is incremented with each page they visit, then when the limit is reached they are prompted to register with the site... but my concern is how secure this will be. I mean, if they turn off their browser and turn it back on then re-visit the site, they would have the ability to view 3 more sample pages.

Do I need to use a day-long cookie with this, and if they delete their cookies am I back to a situation where they can get more views?

Any help and pointers would be appreciated.

devinemke

there is really no absolute foolproof way fo doing what you are trying to do. the HTTP spec is stateless. the basics are: you have a client, you have a server. there are several tricks that the server can do to try and tell that it is the same client coming back for subsequent requests (IP address, referer, session/cookies) but none of them are totally reliable and many can be disabled by the client.

my suggestion is you do what you already suggested, start a session and a page count. this will work for most of the time for most of your users. the alternative of course is to have people register right up front which obviously gives you much greater control over what clients can see.