0

I tried searching but didn't find anything that I thought was exactly what I'm looking for so in short, Im sorry if this is a re post.

I am currently looking for some kind of ID or GUID type ID that would identify a users machine or the user or something similar that every time (without logging in to any login system) they can get an id that is directly related to them. That may not make sense so read on...

Basically I want them to get the same id every time they hit a page for a kind of analytic portion of an app im writing. I have access to server side scripting, quickest and easiest for me is PHP and I've been looking into that as well, but cant seem to find a way to make that unique ID repeatable.

I don't really want to rely on cookies and thats why I want to try to make this repeatable id, and I know its a long shot, but is there something in a tech that I might not know so well (maybe flash or something) that will be able to get an id over and over for that machine/user/mac address each time they visit the page?

I will also be storing a typical GUID for the session (thats done already), but the hard part is Id like the other ID to be somehow related to the USER, PC, MAC, etc.

TLDR: Does anyone have any ideas on how I can get a repeatable identifier (same string when visited by the same machine or user every time they hit the page)? Is there a technology that I may not have thought of that might be able to do this that is mostly cross browser that can do this, I think I've run out of java script options, maybe something like flash or HTML5 (though I would like it to be pretty cross browser accessible) or maybe even some kind of API or service?

Is there a bunch of fields that would somewhat reliably be able to be concatenated and encoded, even if its not 100% foolproof? Can flash or some other tech grab anything unique to the machine or something? Is there any other somewhat non standard tech that might be able to do this, like action script or VBScript (though I dont even know if that still works lol) or something along those lines?

Thanks a lot and sorry if I didnt come across clear or the post is too long :)

John Marczak
  • 1
  • 1
  • 1
    What do you mean by repeatable unique?! – SaidbakR Nov 12 '12 at 14:32
  • What about the clients IP address? Or create a session with a unique id? – Farhan Ahmad Nov 12 '12 at 14:33
  • you have to select one of three choices, 1- create session with that unique id. 2- save unique id in database with user ip and something like user agent information. 3- pass unique id with url and retrieve it using get. you don't want to use cookies with cookies it's four ways to keep tracking your users, otherwise is not possible – Mohammad Ahmad Nov 12 '12 at 14:39
  • I mean that every time, no matter how long in between (including if cookies are cleared), i need an id that would be unique to the machine. So an identifier that would be created and be the same every time for that machine/user. So if user A goes to the site and gets an ID of 123, every time they visit the site, they get 123. This is what makes me think it would have to be based off of machine/user **and** If user B visits the site, every time they get 321 even if they clear their cookies, etc. – John Marczak Nov 12 '12 at 15:02
  • I know this is a strange request, but I dont know how to accomplish this reliably. I cannot use IP because if they are at a large company, it would make all the users have the same ID. Im not sure I follow you 100% Mohammad, but I appreciate the input. Please keep the ideas coming! – John Marczak Nov 12 '12 at 15:06

1 Answers1

-2

If you use the $_SERVER array, you can read out some client specific informations. Like the host-name, IP and stuff. After finding a combination of client infos, which suits your needs of being unique enough, you just hash it, and store it somewhere for further usage, like in a file, database or a cache like APC.

Example:

$strUserId = $_SERVER['REMOTE_HOST'] . $_SERVER['HTTP_USER_AGENT'];
$strUserId = hash( 'sha256', $strUserId );

if( clientExists( $strUserId ) ) {
  $oSomeData = loadClientData( $strUserId );
}
else {
  $oSomeData = new Stuff();
}

$oModifiedData = doStuffWith( $oSomeData );

saveClientData( $strUserId, $oModifiedData );

Problem with this is, 2 users with the same IP and the same browser(-version) could get the same ID. Also if the user comes back with a new host-name or a browser version, he would get a new ID.

Without storing some info on the client you can't be safe.

K..
  • 4,044
  • 6
  • 40
  • 85
  • `$_SESSION` relies on cookies. – Jeremy J Starcher Nov 12 '12 at 14:51
  • My thought exactly and if say they went a month later, the $_SESSION['id'] or whatever would be generated and not the same, correct? I need something that would be unique to a user and repeatably created. It can be a concatenation of stuff and then maybe encoded (say base64_encode or whatever), it just has to be the same for the user/machine/whatever every time its generated. – John Marczak Nov 12 '12 at 14:57
  • You can configure it, so it doesn't rely on cookies and still use the mechanism. Also, with `session_name()` you can set the session-id to whatever string you want the current request to have. – K.. Nov 12 '12 at 15:04
  • From my understanding of PHP Sessions, the ID is generated randomly :( – John Marczak Nov 12 '12 at 15:20
  • php.net: "session_name() returns the name of the current session. If name is given, session_name() will update the session name and return the old session name." so you can simply overwrite it with your stuff – K.. Nov 12 '12 at 15:27
  • I'm not sure how that would solve the problem and its probably my fault for the way I'm explaining it or not understanding your answer. How would I come up with the session name that would always be the same for the same pc? The script works like this. Plain HTML page loads, does an ajax request and gets some info, but either side can create the ID I need, I just dont know how to make it repeatable for that computer/user. I think what your saying is how to store it, not how to generate it right? – John Marczak Nov 12 '12 at 15:52
  • Ah I see, you have to read out the client infos, like IP, browser and stuff, and then make up an session string of those parts you like. If you include the browser informations, you would probably end up with the same ID for every user who has the same browser, if you add the IP, every user with the same browser and the same IP would end up with the same ID etc. you get every client info and try to find a combination which uniquely indetifies a specific client, after that you can run a sha2 over it and got your ID. – K.. Nov 13 '12 at 10:07
  • I dont actually think there is a good answer to this question :( – John Marczak Nov 16 '12 at 16:12