developer_web Ok. So, tutorials always teach about sessions that we must add them when users login to their accounts but php does not restrict starting sessions only when member users have logged into their accounts. I mean after all, pages cannot be part of an account unless the session is started. Right ?
developer_web I can start the session anytime by naming the session under the guest's ip
Yes you can. Some IPs are not unique to a single user, but most are.
There are ips that are not even close to unique to a user. VPNs and proxy servers are the reason.
The basic thing you are talking about is identifying someone when they are not explicitly telling you who they are. Perfect solution is impossible, because every solution has situations where it won't work. That means the best solution is to use several methods, because in cases where one approach does not work, another still might.
People running through VPNs to mask their IPs will have IPs tied to the VPN, not the user. You will find a relatively small number of IPs that a relatively large number of people use. That scenario will not work with IP the way you are talking.
So, if you put cookies on browsers and track by IP, you can look in your log for IPs that have a lot of different cookies associated with them. In those cases, you would have to rely on the cookie instead of the IP to id your separate users.
People in a household not using a VPN all will have the same IP. If there is only user per household for your site, then that won't matter.
There Was A Silver Bullet
developer_web Technically that can be done. Right ? And I won't face any technical or any other forms of trouble. Correct ? I mean, I can check every IP that is on my website and start a session for each new IP that drops to my website. Walla! I still make use of the session and track my guest visitors regardless of whether they open any member accounts on my site or not. Yes ? No need to use the risky Cookies here. Yes ?
To an extent.
developer_web I can start the session anytime by naming the session under the guest's ip and start tracking the guest aswell as log their activities under their IPs (instead of their Usernames). The "IP" session can count as their "account" (IP account).
This all is 100% true
Whenever someone hits your server who is not logged in, you can put a cookie onto their browser with a unique value. If they come back before the the cookie expires, or is removed from their browser, you can spot that.
You can identify browsers by their fingerprint. Browser fingerprints are unique to the device they are installed upon.