In order to prevent the same device from posting a request, how is it possible to get a unique ID for all mobile devices with PHP?
- Login and for each request send a unique id, like a hash... – ka_lin Sep 29 '13 at 19:14
- Yes, but from the same device the user can create multiple accounts – qwerty Sep 29 '13 at 19:15
- You could use some sort of [device fingerprint](http://en.wikipedia.org/wiki/Device_fingerprint) to track a mobile device. It's not going to be foolproof, but can help to some extent. – AbdullahC Sep 29 '13 at 19:16
- In short: it isn't possible. Longer: you can make it difficult to. – Wrikken Sep 29 '13 at 19:21
2 Answers
It is not easy to reliably identify a client's device:
- You may set a cookie, but the user can forge, modify, or delete it.
- You may try to track an IP, but the user may use a VPN, a proxy, or have a dynamic IP; also, he may be part of a local network, and your code could potentially affect multiple users.
- You may try Flash cookies, but these are manageable too; not to mention the user may not have Flash installed.
- You may try to use browser fingerprinting, but the user may switch to a different browser, install a plugin, or simply change a few settings.
- You may try to obtain the MAC address, but well... this will fail too.
Your best shot is to enforce registration, and assume one account = one user.
Your second best shot would be to just cookie a device, and rely on that cookie. Sure - savvy users will quickly figure it out, but you will cover most non-savvy users. Also, that's what Google does for tracking users.
I don't know what you want to achieve, but if it's user tracking then think about it that way: if mighty Google relies on authentication + cookies then why don't you?
If, on the other hand, you have a service, and want to limit usage to one trial account per user, then simply forget about it - most users will always figure out a way to create another free account, why don't you give them a lot of good reasons to pay instead?
Update
Another trick:
http://www.radicalresearch.co.uk/lab/hstssupercookies/
Because HSTS is a security feature and isn't intended to be used for tracking, web browsers treat it differently from cookies. It is only by intentional misapplication that HSTS can be exploited to track users.

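The "cookie a device" approach from the answer above, as an added example that is not part of the original answer: a random ID is signed with an HMAC so that a forged or modified cookie is rejected server-side, while a deleted cookie simply yields a new ID, which nothing here can prevent. The key constant, the cookie name `did` and all function names are assumptions; the `setcookie()` options array needs PHP 7.3 or later.

```php
<?php
// Added example. DEVICE_KEY is a constructed demo value; load a real key
// from configuration or a secret store. The cookie name "did" is an assumption.
const DEVICE_KEY = 'constructed-demo-key-change-me';

// Build "<id>.<tag>": 128 random bits plus an HMAC-SHA256 tag over them.
function issueDeviceToken(string $key): string
{
    $id = bin2hex(random_bytes(16));
    return $id . '.' . hash_hmac('sha256', $id, $key);
}

// Return the device id if the token is well-formed and the tag matches, else null.
function verifyDeviceToken(?string $token, string $key): ?string
{
    if ($token === null
        || !preg_match('/\A([0-9a-f]{32})\.([0-9a-f]{64})\z/', $token, $m)) {
        return null;
    }
    // hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha256', $m[1], $key), $m[2]) ? $m[1] : null;
}

// Reuse a valid cookie; otherwise issue a fresh id (and set it when serving HTTP).
function currentDeviceId(array $cookies, string $key): array
{
    $id = verifyDeviceToken($cookies['did'] ?? null, $key);
    if ($id !== null) {
        return ['id' => $id, 'new' => false];
    }
    $token = issueDeviceToken($key);
    if (PHP_SAPI !== 'cli') {
        setcookie('did', $token, ['expires' => time() + 31536000, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    }
    return ['id' => explode('.', $token)[0], 'new' => true];
}

// Demo on constructed inputs when run from the command line.
if (PHP_SAPI === 'cli') {
    $good = issueDeviceToken(DEVICE_KEY);
    // Change the first character of the id so the tag no longer matches.
    $tampered = ($good[0] === '0' ? '1' : '0') . substr($good, 1);
    var_dump(verifyDeviceToken($good, DEVICE_KEY) !== null);   // valid token
    var_dump(verifyDeviceToken($tampered, DEVICE_KEY));        // modified id
    var_dump(currentDeviceId(['did' => $good], DEVICE_KEY)['new']);
    var_dump(currentDeviceId([], DEVICE_KEY)['new']);          // cookie deleted
}
```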
In PHP, there is no native method to directly generate a unique ID for a device. However, you can use a combination of HTTP headers
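```php
// Builds a device fingerprint from request headers and the client IP.
function createDeviceFingerprint()
{
    // Headers are client-controlled and may be absent; default to an empty string.
    $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
    $acceptLanguage = $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '';
    $ipAddress = $_SERVER['REMOTE_ADDR'] ?? '';
    // Concatenate the values and hash them into a fixed-length identifier.
    $fingerprint = $userAgent . $acceptLanguage . $ipAddress;
    return md5($fingerprint);
}
```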
