0

I need to develop a web page which automatically identifies an “authorized user” and continues only when positive identification is done. As it’s for mobile phones, I don’t want any “standard” login page. I don’t want any cookies, for a certain reason. So I was thinking about a local file which an authorized user copies to local storage; JavaScript validates the file and sends the request back to the server. Unfortunately, I haven’t found any such possibility. So I was thinking about a local JS file: the initial page would redirect to the local file and, if it exists, it redirects the web browser to the appropriate server location. Unfortunately, I found an article saying that, for security reasons, it’s not possible to redirect between http:// and file://. Does anybody have an idea how to do the identification task?

Daniel A. White
Marek Strop
  • Why no cookies? You can use localStorage like you would a cookie though. Also, most mobile devices? You don't have access to the local storage, so that wouldn't work, and you cannot redirect between file and http anyway. Why no login form? – tkone Oct 01 '12 at 17:45
  • you can use shared preferences – Carlo Moretti Oct 01 '12 at 17:46
  • @Onheiron what are shared preferences? Like saying that if the user is logged in on their desktop machine and they're using chrome, if they use chrome on their iPhone and both are set to sync to the same account, you can use that? Forcing people to use a specific browser is never a good idea. – tkone Oct 01 '12 at 17:56
  • no cookies - because 1) they are transferred (their content) over the internet (when the file is used, I can hash the information being transferred) and 2) they will be deleted when cleaning history .... – Marek Strop Oct 01 '12 at 19:30

2 Answers

0

Following your approach (no cookies, using a file to authenticate), the user could select a file on his phone, then you could generate a hash of the file and store it on your server with the signature of the device.

Then you could:

  1. Make the user select exactly the same file to log in (it cannot be edited if it's a .txt, for example).
  2. Automatically log in the user for as long as the file exists and the hash is correct.

No need for cookies, creating user/pass or uploading files.

Helpful links:

Community
RASG
  • Thanks, but this is not what I am looking for - manually selecting a file on a mobile phone is a terrible task. Especially when a user is, for example, driving or so. It has to be automatic. – Marek Strop Oct 01 '12 at 19:30
  • @user1505921 it **can** be automatic. See my item number `2`. The user only has to select the file the *first time*. This is how I do it with my app. – RASG Oct 01 '12 at 19:32
  • Sorry, I didn’t notice “signature of the device“. Are you talking about so called “browser fingerprint”? I am not sure it’s secure for mobiles, where “standard” setup can be expected in most cases. – Marek Strop Oct 01 '12 at 19:37
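
An added example for the file-hash scheme in the answer above (not code from any of the posters): enrollment stores the SHA-256 of the chosen file, as the answer describes, and login goes one step further by answering a one-time server nonce with an HMAC keyed by that hash, so a captured login message cannot be replayed. `AuthServer`, `fileDigest`, `respond` and the device id are hypothetical names, and the in-memory maps stand in for real storage.

```javascript
// Added example, not code from the posts above. All names are hypothetical.
const { createHash, createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Client, enrollment: hash the selected file once (SHA-256).
function fileDigest(fileBytes) {
  return createHash('sha256').update(fileBytes).digest();
}

// Client, login: answer the server's nonce with HMAC(key = file digest, nonce).
function respond(fileBytes, nonce) {
  return createHmac('sha256', fileDigest(fileBytes)).update(nonce).digest();
}

class AuthServer {
  constructor() {
    this.enrolled = new Map(); // deviceId -> file digest stored at enrollment
    this.pending = new Map();  // deviceId -> outstanding single-use nonce
  }
  enroll(deviceId, digest) {
    this.enrolled.set(deviceId, digest);
  }
  challenge(deviceId) {
    const nonce = randomBytes(16);
    this.pending.set(deviceId, nonce);
    return nonce;
  }
  verify(deviceId, response) {
    const digest = this.enrolled.get(deviceId);
    const nonce = this.pending.get(deviceId);
    this.pending.delete(deviceId); // consume the nonce whether or not the check passes
    if (!digest || !nonce) return false;
    const expected = createHmac('sha256', digest).update(nonce).digest();
    // Constant-time comparison; timingSafeEqual throws on unequal lengths.
    return response.length === expected.length && timingSafeEqual(response, expected);
  }
}

// Constructed sample run: valid login, replayed response, edited file.
function demo() {
  const file = Buffer.from('constructed key file contents');
  const server = new AuthServer();
  server.enroll('phone-1', fileDigest(file));
  const first = respond(file, server.challenge('phone-1'));
  const ok = server.verify('phone-1', first);
  const replay = server.verify('phone-1', first); // nonce already consumed
  const edited = server.verify('phone-1', respond(Buffer.from('edited'), server.challenge('phone-1')));
  return [ok, replay, edited];
}
console.log(demo());
```

The stored digest acts as a shared secret, so the server has to protect it like a password, and the enrollment request that carries it needs TLS.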
0

Check out Mozilla’s Persona. It's based on BrowserID I believe.

idbehold