For a simple recommendation system in blog, I want to show popular posts to the user, but given the fact that the user has not yet viewed it.
If it is authorized
Then I save information about the viewed posts in the database
If not authorized here is the question.
I originally planned to store this in cookies, but for this to be cross-browser, I can store no more than 50 entries. It turns out that this method is not suitable.
Save in the database viewed post of unauthorized user with linking by IP address + user-agent, is it correct?
In general, how to proceed
You likely want to keep the information on your side (it's valuable), but don't use IP or user-agent, instead create a persistent cookie with a unique ID so that you can track them over time.
IP addresses change over time.
You should probably track where you've seen them from (IP, user-agent, etc), but that's metadata.