Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Session ID's / User Tracking

Status
Not open for further replies.
1DMF

1DMF

Programmer
Jan 18, 2005
8,795
GB
Hello,

I have an affiliate script which creates a cookie to track the user against referring affiliate.

However obviously this breaks with cookies disabled!

On another forum it was suggested that a session ID is created and put in the DB, to cross reference with later.

So can someone advise how you would do this in perl, how do you generate a key based on the users machine and cross reference it later?

If you can't 'write' anything to their machine not even cookies, how do you 'tag' the machine for identifying later?

IP is not good enough due to NAT, so is there a way of getting the MAC-ID of the NIC and storing with IP?

How do you get a unique ID for a users machine when they hit a website so you can then track them?

Regards,

1DMF

"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!
 
Sort by date Sort by votes
There is a lot on google (search for perl session cookies) but here is what I do.

You create the sessionid and store what ever you want about that sessionid in the database. I write that sessionid to the cookie (that's the only thing I put in the cookie) but I also add it as part of the URL as they go through the site (in case they have cookies disabled). I have the session timeouts reset for every page they go to and I have a maximum total life time of the session (so if you are on the site every 5 min you will expire after 4 hours anyway, or if you are inactive for 10 min you will expire). I limit every session to the same IP it was created from (helps prevent session hijacking).

If they have cookies disabled, and leave the site, they have to log back in again. If their session expires and they hit the back button (with out using ajax or something) they will still see content on the site (everyone comes here asking about this, it's their browser caching the page).. but if they click on anything or try do do anything they will get prompted for a login again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[noevil]
Travis - Those who say it cannot be done are usually interrupted by someone else doing it; Give the wrong symptoms, get the wrong solutions;
 
Upvote 0 Downvote
I thought you were going to say add it to the URL, this would then screw with the 301 redirect and G!'s indexing.

I've thought about possibly having it as a hidden field instead but that would require every action/hyperlink to submit the hidden form field, rather than be a straight forward hyperlink.

Basically there is no easy way from what I can tell, nightmare!


"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

IVJP
  • Locked
  • Question
SharePoint/NTLM authentication using Perl, 401 Unauthorized, Credentials for 'Domain\User' failed
Replies
8
Views
548
Islanderman
Islanderman
spewn
  • Locked
  • Question
after session expires, it's empty and i can't initialize a new session...
Replies
1
Views
242
feherke
feherke
brittany1
  • Locked
  • Question
getting multiple and variable input from the user
Replies
0
Views
230
brittany1
brittany1
IVJP
  • Locked
  • Question
403 Forbidden/LWP UserAgent - please help
Replies
3
Views
455
1DMF
1DMF
SuTe
  • Locked
  • Question
Issues Logging Into An HTTPS Site From Perl Script Using LWP::UserAgent
Replies
1
Views
294
1DMF
1DMF

Part and Inventory Search

Sponsor

Back
Top