I would like to implent a feature in my website that limits the access to a certain page.

It should allow 2 access per day per IP.

I was thinking of creating a mysql table and write in the ip+times the ip visited the website and than create a cron job that delets all entries every 24 hours.

But I am worried that his may causes too much server load (in case I get a few hundreth visits a day). Is there a better or simpler method to limit the daily access to two times per IP?

I was also thinking of using cookies or sessions, but I have got 0 plans on how to create a cookie that would do the job I need....

I am thankfull for any suggestions!

EDIT:

Two more things that I would need an advice about, after the helpful comments:

-will a public proxy detection script be enough to keep out at least the anonymous and web proxies?

-is it possible to limit the access for each IP individually and create a script, that will remove the entries for the IP exactly 24 hours after the first visit? Instead of having the cron job delete all data every 24 hours regardless of the time a visitor first came to my site?

Saving ip, time and number of accesses to the database is fine, a few hundred rows is not a problem for a mysql database (don't forget to set indexes on the table).

But note that users with shared IP might have problems accessing your page.

Using cookies is problematic because the user can control this and you can't restrict that. Of course, it depends on your application how important is to block the user aftex n accesses.

Sessions and/or cookies are not the most secure solution :

• Sessions expire after a while (typically something like half an hour, with default settings)
• Cookies can be deleted by the user ; or he can change browser

Your idea doesn't seem that bad ; and if you only have a couple hundred hits a day, it should handle the load, I suppose -- just use the right indexes on your MySQL table, to help with the selects you'll do to check if an IP has already been there.

But note that you can have more than one user, using the same IP address -- for instance, all people in the same company often share the same IP.