-3

I am developing a web application using jsp. My requirement is to identify the no of request is from the same machine or not. How to finger print a device... I tried to get IP address but jsp returns always the server IP address. For this I refere the following question.get IP from client is there any way available to get IP or Mac address or a unique identifier of client PC using java script or jsp.....

Community
  • 1
  • 1
Ramakrishna
  • 426
  • 7
  • 26
  • 1
    I'm surprised to see downvotes without a comment. Duplicate / Invalid / wrong forum / guidelines to ask better Not even one downvoter explained why? – Praba May 11 '15 at 17:42
  • 1
    http://stackoverflow.com/questions/216542/how-do-i-uniquely-identify-computers-visiting-my-web-site?lq=1 –  May 11 '15 at 18:10
  • 2
    Does this answer your question? [How do I uniquely identify computers visiting my web site?](https://stackoverflow.com/questions/216542/how-do-i-uniquely-identify-computers-visiting-my-web-site) – Premkumar chalmeti Jul 07 '20 at 11:46

4 Answers4

2

You can always set a cookie. Check for the cookie on the request (when it arrives in Java). If it's there and it has a value you know, it's an existing user. If it's not there, it's a new user and you should set one for that user and keep track of the value you placed in.

If all other options aren't viable (like cookies, IP, user-agent or a combination of all), then you might want to consider having the user sign-up and login. That way, you have full knowledge on who's actually operating.

Joseph
  • 117,725
  • 30
  • 181
  • 234
1

IP request will not work when your server is behind a webserver like Apache. Better is to assign an id to the very first request and put it in a cookie. But if you want to identify the same client across multiple browsers, cookie might not help you. Can you be a bit more explanative about your requirement? What constitutes a unique client? same browser / multiple browsers / subnet is acceptable / or anything else? Can this help - How do I uniquely identify computers visiting my web site? ?

Check https://www.chromium.org/Home/chromium-security/client-identification-mechanisms which explains different client identification mechanisms. HTML appcache sounds like an option (but if cookies are not allowed, not sure about 'storing' something on the client machine's disk).

Community
  • 1
  • 1
Praba
  • 1,373
  • 10
  • 30
  • I can't use cookie.... My application is going to support financial operations so cookie are not recommended.... And machine is same but browser is different... – Ramakrishna May 11 '15 at 17:33
  • the HTTP headers have limited information and it's not foolproof. If your application is accessed from within a subnet which has a outbound proxy, even though you have several machines accessing your application, you'll have the same client IP. Same goes for when your application is behind a NAT. Sooner or latter you'll have to have a trade off. – Praba May 11 '15 at 17:36
  • Do you know why cookies are not recommended? you do have non-javascript readable, secure cookies which you can encrypt as well (though redundant if you're using https) that live for a short while. May be you can justify cookies. – Praba May 11 '15 at 17:43
  • how to implement encrypted cookies – Ramakrishna May 11 '15 at 17:55
  • If you're using HTTPS only, then you don't have to. Otherwise, you can use any strong encryption algorithm to encrypt your cookie in the java code before you set it on the response and decrypt it back once you receive it. If you need to identify the client, you need to have 2 way encryption (so you can decrypt). If you just need identify the IP/client, then one way encryption should do. – Praba May 11 '15 at 17:59
0

On your jsp you can use cookies. You could have something like this:

<%


   Cookie alreadyAccessed = new Cookie("already_accessed", "true");

   // Set expiry date after 24 Hrs
   alreadyAccessed.setMaxAge(60*60*24);

   // Add the cookie in the response header.
   response.addCookie( alreadyAccessed );
%>
Diogo Ribeiro
  • 11
  • 1
  • 4
0

You can't get MAC address. Other option available to you are :

  1. Set a unique cookie and use this.
  2. Use IP address and browser information in addition to cookie for additional surety.

Remote host and address diff you can get here Remote Address and Remote Host

Avinash
  • 1