Track A User That Is Not Logged In

Is it possible to track not logged in user without using session or a cookie? Is there a more reliable way? Just like www.filefactory.com or other similar download space website, t

Solution 1:

You dont track who is not logged in, you track whois logged in. So by default everybody gets the link for you must wait xx amount of seconds. If you clear cookies and start a new session, you are still a default user.

Now when somebody logs in, you can put in the session that he is authenticated. Then on the page to show the link you check that. Now if this logged in user would clear his cookies, he would become a default user again untill he logs in again.

//not actual php code
if (authenticated) {
  //show direct download link
} else {
  //show link after xx seconds
}

If you dont want to use session to keep track of logged in users, there are other ways, but most often its not realy needed or even less secure. Another way could be to use the authenticate header or keep the information in the query string. Both are less secure in my opion, but could be used.

Now if the goal is to prevent free users from downloading two files and need to wait for the second link, you can also make an educated guess if its the same user by combining user information to some sort of hash. EG user-agent, ip-address, location. This will not be 100% accurate, but could give you some idea of a returning free user without sessions.