Solved

storing unique ID on user's machines

Posted on 2011-03-03
23
459 Views
Last Modified: 2012-05-11
I know on some sites even with EE that even though I delete my cookies, my login information still gets populated in the login fields.  Is that information being stored in something other than cookies and is there a way to store a single ID string on a visitor's machine other than a cookie when a user visits a site?  Something that would work across all the major browsers and where they user is not entering in field data?  in the registry perhaps or would that require an Active X action?

How about storing in php session versus storing in cookie?

I also host my sites and control the server session.

Any ideas experts?
0
Comment
Question by:COwebmaster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 8
  • 4
  • +1
23 Comments
 
LVL 14

Assisted Solution

by:robasta
robasta earned 71 total points
ID: 35034035
...my login information still gets populated in the login fields...


The login fields are populated by the browser. This feature is browser based and is determined by the user.. The browser asks you if you want to save your details, if you agree, the browser will save the details. You (as the developer) do not have access to these user/passwords.

I'm sure cookies are the best way of storing persistent user information (seeing that the major sites use cookies).

I dont think you will have access to the registry (security).

0
 
LVL 12

Accepted Solution

by:
satsumo earned 214 total points
ID: 35037000
You could store information against the visitors IP address, in the same way that some sites ban people by their IP address.  However the IP address is not guaranteed to be unique.  It depends on the information you keep.  If the information doesn't need to be secure then using the IP address will work most of the time.
0
 

Assisted Solution

by:COwebmaster
COwebmaster earned 0 total points
ID: 35037145
satsumo, that's a good idea on the ip.  how about the mac address on the user's machine?
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 
LVL 12

Assisted Solution

by:satsumo
satsumo earned 214 total points
ID: 35037762
I don't think there is anyway to get the MAC address with HTTP, or any other common protocol.  Besides the connection comes through the ISP, you'd probably end up with the MAC address of the network card in the ISP's server and thats unlikely to be the same twice.  The server will have an IP address for each connection and most people will connect with a consistent IP address.
0
 
LVL 29

Assisted Solution

by:Badotz
Badotz earned 215 total points
ID: 35038825
Ask the visitor to identify herself, store the user id/password in a database, then hash and encrypt that information (with AES? Blowfish?) and create a unique token. That becomes the ID for that visitor.

0
 

Author Comment

by:COwebmaster
ID: 35038933
yes, but what if the user deletes his cookies from his browser?  then that ID is lost.  What about keeping the browser session open on that visitor?
0
 
LVL 29

Assisted Solution

by:Badotz
Badotz earned 215 total points
ID: 35038988
No, it isn't lost, it is still in the database. The user has to log in again, is all.
0
 

Author Comment

by:COwebmaster
ID: 35039345
that's the rub though .. I don't want the visitor to log in.
0
 
LVL 29

Expert Comment

by:Badotz
ID: 35039647
If you don't persist the token and the user deletes her cookies, how will you re-evaluate the user?

Somehow, somewhere, you'll have to persist the value, methinks.
0
 

Author Comment

by:COwebmaster
ID: 35039670
yes, that's why I'm hoping there's a better solution than the cookie.
0
 
LVL 29

Expert Comment

by:Badotz
ID: 35039813
Session variables?
Database?

There isn't much else...
0
 
LVL 12

Assisted Solution

by:satsumo
satsumo earned 214 total points
ID: 35040982
This is one of the hot topics of the internet at the moment.  How do you reliably identify people without making them login and have lots of separate accounts everywhere?

Another possiblity is using another site to identify the person.  Many sites talk to Facebook and Twitter, there are ID schemes managed by Microsoft, Yahoo, OpenID and others.  I don't know how it works, and again it won't cover everybody.  Maybe it would be worth checking out.

I read recently that about 50% of the population of the UK is on Facebook.  I don't know what proportion of the UK's internet users that is.  Still, not everybody has a Facebook page, and using the IP address might be more reliable.
0
 

Author Comment

by:COwebmaster
ID: 35041015
good point.  I could store both the ip from the user's machine and drop a cookie and store that unique id on the server.  so everytime the user comes to the site, I do two things..

1) verify the cookie still exists
2) verify that the ip hasn't changed

If the ip hasn't changed but the cookie was removed, I can re-attached the cookie based on the unique ip.  If the ip was changed (dhcp), then update the record in the db for both the cookie data and ip data.

If both cookie was removed and ip changed, I'm screwed :)
0
 
LVL 29

Expert Comment

by:Badotz
ID: 35041077
You cannot get around the fact that somewhere the user has logged into a website.

Whether or not it is your site is the issue: why are you set against it?
0
 

Author Comment

by:COwebmaster
ID: 35041090
Badotz, I'm not following.  I don't mind the user logging into my site and I'll encourage it.  If the user does not create a profile prior to leaving the site I want to make sure when they return they are seeing what they saw when they first arrived.  make sense?
0
 
LVL 29

Expert Comment

by:Badotz
ID: 35041105
What you desire makes sense, but what you're doing does not. If the user leaves without identifying herself to you, how can you identify her when she returns?

This is not a monologue, it is a dialogue. Betty leaves something with you and from that you can always identify her.

Sorry, but what isn't clear?
0
 

Author Comment

by:COwebmaster
ID: 35041152
I understand your point. However, initially I'll need to identify with her machine.  Finding out it's Betty at the keyboard is of course the goal.
0
 
LVL 29

Expert Comment

by:Badotz
ID: 35041241
Ask for her token (or user id/pwd). Check against the database. Problem solved.
0
 
LVL 12

Expert Comment

by:satsumo
ID: 35043078
@Badotz, checking against the database will resolve the token.  COwebmaster dosen't want the user to have to type anything, and is concerned about identifying them if their IP changes or they delete their cookies.  Using both a cookie and the IP address creates redundancy, if the user changes IP or deletes cookies, they can still be identified by the other method.  Both token and IP would have to be stored in a database, because either might change.
0
 
LVL 29

Expert Comment

by:Badotz
ID: 35043900
You're relying on unreliables. The IP might change. The cookie might be deleted.

Perhaps your website offers support for a retinal scanner or fingerprint detector, or facial recognition - any of which could improve reliability.

The fact that your storing something in a database doesn't make if foolproof, unique or correct. How can you guarantee identification without knowing something permanent about Betty? Something private that only she knows?
0
 
LVL 29

Assisted Solution

by:Badotz
Badotz earned 215 total points
ID: 35043903
What if I am sitting at Betty's workstation? Will you "just know" that now I'm Betty? Where's the security in that?
0
 

Author Closing Comment

by:COwebmaster
ID: 35115465
thanks!
0
 
LVL 29

Expert Comment

by:Badotz
ID: 35115969
No worries - glad to help.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Color can increase conversions, create feelings of warmth or even incite people to get behind a cause. If you want your website to really impact site visitors, then it is vital to consider the impact color has on them.
Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question