how can identify client computer uniquely for website users

Cookies

Set a cookie on the client machine to identify the user.

  • Pros: Definitely unique per session
  • Cons: Easy to remove or prevent (even for people with limited technical knowledge), only apply to one browser, easy for a script to bypass

IP address

Use the user’s IP address to identify the user.

  • Pros: Changes infrequently, works across browsers, requires technical knowledge to spoof or use a proxy server
  • Cons: Not necessarily unique: one IP address can easily apply to entire homes/buildings/offices behind a network, and for some ISPs end user IP addresses might be reassigned

Browser fingerprinting

Use all browser data passed to the server (not just user agent, but also OS, screen resolution, and a number of other things) to generate a unique browser fingerprint.

  • Pros: High probability of being unique, opaque to the end user (changing IP addresses or clearing cookies won’t bypass it)
  • Cons: Probably too unique — any change in browser condition (or browser) will change the fingerprint (though you can choose only a subset of supplied browser information to balance fingerprint volatility and uniqueness), can be bypassed by scripts

You can, of course, also use multiple methods. Which method you use really depends on your specific use case. For many cases, just a simple cookie will do. If you want some defense against scripts or other methods of bypassing, add an IP address rate limit. You can also attempt to gather as much information as possible and use some sort of heuristic algorithm to try to find people that are bypassing the system for uniqueness that you have in place.



Leave a Reply