Identifying Unique Visitor Clicks

I have a requirement like this. My user can publish articles which are present in my website anywhere in the net. If somebody clicks on that link I will give my user points.

I have to uniquely identify the user machine so that if anybody clicks the same post a second time I will not give points to my user.

Using IP address we cannot identify, most of them are DHCP. Using cookies also we can't identify. Cookies are browser specific.

Is there any best approach to identify unique visitor machine.

I am using Java 1.5.

Gurvinder Pal Singh Commented:
<<Is there any best approach to identify unique visitor machine.>>
No, unless the user is registered on your website and is logged in.

<<Is there any best approach to identify unique visitor machine.>>
Cookies are good enough in most cases.

sasidhar1229 (Author) Commented:
But the user can delete cookies and click again for points.

I saw somebody using this JavaScript. If you understand this, could you explain it to me?

Gurvinder Pal Singh Commented:
If you are talking about 'clientsysname' (line 94), then it is only possible on browsers where Java is enabled.

Did you check if it is working on your browsers?

sasidhar1229 (Author) Commented:
Yes, it's working. I tried it.

clientsysname is giving this value: 'localhost.localdomain'. This is not a unique value. Whoever uses Linux will get this value.

I updated the attachment with values generated.

I think it will give you some information.

Gurvinder Pal Singh Commented:
Check the same script from another system and see if it gives a different value.
Also, check if it gives a unique value for each system behind a proxy.

I personally don't think it is a trustworthy solution since this value cannot be unique for every machine, simply because there aren't as many IP addresses as machines, and IP addresses are an expensive thing.

There's no simple solution to this problem.

There's the common approach - which is to use a cookie, but as you say a user can just delete them.

There's the browser fingerprint approach, which is to pull as many properties as you can from a browser and recognize those as the "signature".  However, if a user knew this they could still beat your system by changing some of those properties (e.g. the mix of fonts on their system), but it's more work for them than just cleaning out cookies.

There's the Flash cookie approach - which is to use a small piece of Flash code to write to local storage (an area separate from cookies that Flash uses to store information).  Again a user can clear this out but it's more work because "remove cookies" doesn't cut it - they need to work a bit harder.

Then you can put them all together and add a series of extra steps and use Evercookie, which combines a whole series of techniques to try to store a cookie, and if you delete all but one of them it'll recreate the rest.  But again it's not foolproof - it's just more work.

So if your site is going to hand out rewards to users based on their actions, you should assume that if your site is successful, somebody will figure out how to hack around any of these solutions and post the required steps for all of your users to make use of.

If you assume that, your best solution is to take one of the above approaches and combine it with an IP limit - so a given IP can never earn more than a specific amount of user points.  If somebody is behind DHCP they may get unlucky and get no points (because other users have earned the entire quota) but this will stop you from being hacked.
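
The combination suggested in the answer above (a per-visitor identifier plus a hard per-IP quota), as an added server-side sketch that is not code from this thread. The class and method names are hypothetical, the quota of 3 is an assumed value, and `visitorId` is assumed to be whatever the cookie or fingerprint step produced; state is kept in memory only.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class ClickCredit {
    // Assumed quota: the most points any single IP address can ever generate.
    static final int MAX_POINTS_PER_IP = 3;

    private final Set<String> seenClicks = new HashSet<String>();   // "articleId|visitorId"
    private final Map<String, Integer> pointsByIp = new HashMap<String, Integer>();
    private final Map<String, Integer> pointsByAuthor = new HashMap<String, Integer>();

    /** Returns true if the click earned the author a point. */
    public synchronized boolean recordClick(String author, String articleId,
                                            String visitorId, String ip) {
        // No cookie or fingerprint available: fall back to the IP as the identifier.
        String who = (visitorId == null || visitorId.length() == 0) ? "ip:" + ip : visitorId;
        if (!seenClicks.add(articleId + "|" + who)) {
            return false;                       // same visitor, same article: already counted
        }
        int used = count(pointsByIp, ip);
        if (used >= MAX_POINTS_PER_IP) {
            return false;                       // new-looking visitor, but this IP's quota is spent
        }
        pointsByIp.put(ip, Integer.valueOf(used + 1));
        pointsByAuthor.put(author, Integer.valueOf(count(pointsByAuthor, author) + 1));
        return true;
    }

    public synchronized int pointsFor(String author) {
        return count(pointsByAuthor, author);
    }

    private static int count(Map<String, Integer> m, String key) {
        Integer v = m.get(key);
        return v == null ? 0 : v.intValue();
    }

    public static void main(String[] args) {
        ClickCredit ledger = new ClickCredit();
        // Constructed traffic: one client at 203.0.113.7 clears its cookie before every click.
        for (int i = 0; i < 10; i++) {
            ledger.recordClick("alice", "post-1", "cookie-" + i, "203.0.113.7");
        }
        // A repeat click with an unchanged cookie from another address.
        ledger.recordClick("alice", "post-1", "cookie-x", "198.51.100.4");
        ledger.recordClick("alice", "post-1", "cookie-x", "198.51.100.4");
        System.out.println("alice points: " + ledger.pointsFor("alice"));
    }
}
```

The cookie value is client-controlled, so the duplicate check only stops casual repeats; the per-IP counter is what bounds the payout when the identifier is reset on every request.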

sasidhar1229 (Author) Commented:
Hi Doug,

Most of the users don't know all these. At least we can eliminate most of them.

And the IP limit is also a good one. I will try this approach.
