I have written a dynamic database driven, object oriented website with an administration frontend etc etc. I would like to add a feature where customers can save items as "favourites", without having to create an account and login, to come back to them later, but I don't know how exactly to go about doing this... I see three options:
The problem with option 1 is that I don't know much about IP addresses - my Dad thinks they are unique, but I know people have had problems with systems like this.
The problem with 1 and 2 is that accounts have not been opened up to customers yet - only administrators can log in at the moment. It should be easy to alter this (no more than a morning or afternoons work) but I would also have to implement user groups too.
The problem with option 3 is that if user A saves a favourites list called "My Favourites", and then user B tries to save a list under this name and it is refused, user B will then be able to access the list saved by user A because they now know it already exists. A solution to this is to password protect lists, but to go to all this effort I may as well implement option 2.
Of course I could always use option 4; use an alternative if anyone can suggest a better solution than any of the above options.
So has anyone ever done something like this before? If so how did you go about it? What do you recommend (or not recommend)?
The problem with using an IP based solution is that IPs are not necessarily unique. A router allows multiple individuals to access the internet using one "External" IP address - which is what your website will see - and provides each user with a unique "Internal" address - which you don't have access to. Routers are used in companies, education institutions, homes, places that offer internet access like cafes, you name it. Thus, an IP based solution wouldn't work for everyone - for example both my roommate and I connect to the internet using a router and thus share one external IP address and would end up with one Favorites List that both can see.
A better solution would be to save some GUID into a cookie on the clients machine when they try to add a favorite. Then in your database you link the favorites to this GUID until the user creates an account on your system. But this isn't without its problems; if the user deletes the cookie from their machine they will loose access to their favorites.
The best option would be to have them create accounts on the system and once logged in, they can create favorites that are associated with their accounts. Thus option 2 would be the preferred solution especially for data that needs to persist until the user opts to delete it.