2

I would like to mark certain computers for an application being used both on site and off. I was hoping to mark computers based on their MAC address, but it seems as though you cannot reliably do so.

Cookies are an issue as well, because oftentimes different windows accounts are being used, and we want this to be universal for all users.

Is there some combination of Geo-Fencing, IP-Address, or other variables that can be easily accessed over the web that allow me to log in as an admin, and mark a computer, and reliably know that device later on?

What are my best variables to gather to reasonably and reliably know a certain machine is being used?

Wesley
  • 5,381
  • 9
  • 42
  • 65

2 Answers2

1

localStorage could be an option for you. The data is stored on the client machine, doesn't have an expiration date, and is accessible on all browsers. You wouldn't need an IP or Geo-Fencing; just store the data in localStorage that identifies the computer and check for it each time the site is loaded.

There is one downfall to this approach, however, and I don't know if this is a problem for you or not. localStorage can be cleared by the user, meaning that if you 'mark' a computer with this method and then someone clears all browsing data, you would lose your data as well.

Here is how the localStorage can be cleared on each browser, taken from gibberish's answer about clearing localStorage (I recommend reading his whole answer as it contains useful links) which can be found here:

In Firefox, localStorage is cleared when these three conditions are met: (a) user clears recent history, (b) cookies are selected to be cleared, (c) time range is "Everything"

In Chrome, localStorage is cleared when these conditions are met: (a) clear browsing data, (b) "cookies and other site data" is selected, (c) timeframe is "from beginning of time". In Chrome, it is also now possible to delete localStorage for one specific site.

In IE, to clear localStorage: (a) Tools--Internet Options, (b) General tab, (c) delete browsing history on exit, (d) ensure "Cookies and website data" (or "temporary internet files and website files") is selected, (e) consider unchecking "Preserve Favorites website data" at the top

In Safari: (a) Click Safari (b) Preferences (c) Select the Privacy tab (d) Click Remove all website data (e) Click Remove Now

Opera: Despite excellent articles on localStorage from the Opera site, I haven't yet found clear (non-programmatic) instructions to users on how to clear localStorage. If anyone finds, please leave a comment below this answer with reference link.

Edit: if none of that works for you, look into this Battery Status API documentation. It won't work for computers without batteries, of course, but it can be used to reliably fingerprint devices that support the API. It is slightly controversial, however. For example, it doesn't matter if a user is in incognito mode or not. If you've fingerprinted them using this API, you will still know it's them.

Community
  • 1
  • 1
Sam W
  • 599
  • 2
  • 16
1

Using a unique client certificate per machine is an option.

CheeZe5
  • 975
  • 1
  • 8
  • 24