Which is better if I'm looking to use something as an id in a database? I've got an app that contains a wysiwyg editor, and want it to save the information for the user without them having to login, since the notepad is just a small part of a tool that otherwise needs no logins to function.

I've thought about using cookies, but the data to store will quickly outgrow the cookie. So instead I thought about creating a cookie with their id in it and using that as an index into a database table of notes. The problem is that since there's no permanent login stored, if they delete their cookies their data is gone.

Another alternative would be to use their IP address as the index to the table, but this too has the problem of not being permanent. And this time whether their IP changes or not is wholly up to their provider, so they won't even have the same kind of say as they would when deleting cookies. However, it has the benefit that surfers without cookies activated would still be able to use the site.

Any suggestions? I'll probably go with the cookie ID, but was wondering if anyone might have a better idea or see something I missed.

Thanks!

Cookie is your best route to go, but you need to implement it properly. In order to do this, you should use a database and just store the user's ID in the cookie. Then the database retains the settings.

Never use an IP to track/store anything. It is too inconsistant. Since almost no-one has a static IP anymore, you could get hundreds of users with the same ISP. That means they will all have the same IP address. Also, what about users who utilize proxies? The will return only the proxy IP which changes about every minute. NEVER use this method.

Thanks for the added insight! I'll definitely be going with cookies (length 30 random strings should be secure enough and help avoid collisions). I'll still check for collisions before assigning the cookie, but with 36 characters in 36 positions itstretches probability.