ID user correctly using IP address and/or session variables

[daydreamer]

On my site I ask users a question, if they get it right they go to the next round, if not they have to wait a certain amount of seconds until they can retry.

 

I am storing the user IP's in a database to ID them, but if they are behind a router all the computers would have the same IP, which means only one user on that network could play.

 

If I use session variables, all the user has to do is delete their browser cookies and the time delay is reset.

 

 

How do I correctly ID their computer while preventing them from reseting the time limit?

 

Thanks

 

 

[WolfRage]

Use ini_set('session.use_trans_sid', TRUE); but be forewarned the SID will be attached to each request as a GET variable.

[PFMaBiSmAd]

You need to use a member/login in system that remembers that they are logged in using a session variable. If they close their browser or clear the session id, they will be logged out of the game as well. You can then keep track of any time limits using session variables.

[daydreamer]

Users wont want to sign up because it will take too long, they could play similar games without signing up.

 

If i use ini_set('session.use_trans_sid', TRUE), surely the user could still delete their current cookie and get a new session ID?

 

Thanks..

[PFMaBiSmAd]

Without a way of identifying users, where they cannot just delete it or alter it and can continue playing without restriction, you are out of luck.

 

Edit: If the point they are at in the game is dependent on values stored in the session, instead of just a URL and/or parameters on the end of the URL, then if they close the browser or delete the session id to get around any restrictions at the current point in the game, they would be sent back to the start of the game.

[daydreamer]

Yeh true thats what i was thinking...

 

What about large networks like schools or businesses, will all the computers have the same WAN IP?