[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

Identifying Unique Visitor Clicks

I have a requirement like this. My user can publish articles which are present in my website anywhere in the net. If somebody clicks on that link I will give my user points.

I have to uniquely identify the user machine so that if any body clicks the same post second time I will not give points to my user.

Using IP address we cannot identify, most of them are DHCP. Using cookies also we can't identify. Cookies are browser specific.

Is there any best approach to identify unique visitor machine.

I am using java 1.5
0
sasidhar1229
Asked:
sasidhar1229
  • 3
  • 3
1 Solution
 
Gurvinder Pal SinghCommented:
<<Is there any best approach to identify unique visitor machine.>>
No, unless the user is registered on your website and is logged in.

<<Is there any best approach to identify unique visitor machine.>>
Cookies are good enough in most cases.
0
 
sasidhar1229Author Commented:
But user can delete cookies and he can click again for points.

I saw somebody using this javascript. If you understand this, could you explain me?

PFA.
uniqueVisitor.txt
0
 
Gurvinder Pal SinghCommented:
If you are talking about 'clientsysname'  (line 94), then it is only possible on browsers where java is enabled.

did you checked if it is working on your browsers?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
sasidhar1229Author Commented:
Yes it's working I tried it.

clientsysname giving this value 'localhost.localdomain'. This is not unique value. Whoever uses linux will get this value.

I updated the attachment with values generated.

I think it will give you some information.

PFA.
uniqueVisitor.txt
0
 
Gurvinder Pal SinghCommented:
check the same script from another system, see if it gives a different value.
Also, check if it gives a unique value for each system behind a proxy

I personally don't think it is a trustworthy solution since this value cannot be unique for every machine. Simply because there aren't as many IP addresses as number of machines, and IP addresses are expensive thing
0
 
dpearsonCommented:
There's no simple solution to this problem.

There's the common approach - which is to use a cookie, but as you say a user can just delete them.

There's the browser fingerprint approach (https://panopticlick.eff.org/) which is to pull as many properties as you can from a browser and recognize those as the "signature".  However if a user knew this they could still beat your system by changing some of those properties (e.g. the mix of fonts on their system) but it's more work for them then just cleaning out cookies.

There's the Flash cookie approach - which is to use a small piece of Flash code to write to local storage (an area separate from cookies that Flash uses to store information).  Again a user can clear this out but it's more work because "remove cookies" doesn't cut it - they need to work a bit harder.

Then you can put them all together and add a series of extra steps and use Evercookie (http://samy.pl/evercookie/) which combines a whole series of techniques to try to store a cookie and if you delete all but one of them it'll recreate the rest.  But again it's not foolproof - it's just more work.

So if your site is going to hand out rewards to users based on their actions, you should assume that if your site is successful, somebody will figure out how to hack around any of these solutions and post the required steps for all of your users to make use of.

If you assume that your best solution is to take one of the above approaches and combine it with an IP limit - so a given IP can never earn more than a specific amount of user points.  If somebody is behind DHCP they may get unlucky and get no points (because other users have earned the entire quota) but this will stop you from being hacked.

Doug
0
 
sasidhar1229Author Commented:
Hi Doug,

Most of the users don't know all these. At least we can eliminate most of them.

And IP limit is also good one. I will try this approach.

Regards,
Sasidhar.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now