The most obvious way to keep track of individual users is to look at the remote IP address from which requests originate and to which the server sends its responses. If our server gets a request from 209.151.241.118, and a few minutes later gets another request from the same address, we can assume that both requests came from the same user, correct?

Well, no, we can’t. Although this was exactly the approach used in the log-analysis script in Chapter 10 to identify individual “visits” for statistical purposes, it can only give us an approximation rather than an exact count. The problem is that proxy servers often sit between our web server and our site’s users. With proxy servers, one user can appear to be interacting with our site from multiple IP addresses, or, conversely, multiple independent users can all appear to be interacting with our site from the same IP address. The bottom line is, remote IP addresses are unsuitable as a way to track individual users.

What can we do? One promising tool is the browser cookie, introduced originally by Netscape in Version 1.1 of its browser, and supported by both Netscape Communicator and Internet Explorer these days. The cookie lets us use a CGI script to send a unique string to the user in a special HTTP response header, with the user’s browser storing that string and submitting it back to the server on subsequent requests. Which is exactly what we want: a simple system that lets us tag an individual user ...