Is there any way or best practice around device fingerprinting for a rails app? In other words. Given that all cookies are blocked, is there any way, with a relatively good degree of certainty, who the person is before they log in?
My assumption: IPs are unreliable for obvious reasons.
Check out Fingerprintjs2. It is quite useful in trying to uniquely identifying a browser.
We've setup device fingerprinting in our rails app using ThreatMetrix.com They are sort of expensive, but used by a number of large sites on the web and have built some good technology around this.
I have seen some Jquery open source released for this crop up: https://github.com/carlo/jquery-browser-fingerprint But have not tried it.
Even if all cookies are blocked, javascript can pick up plenty of device attributes.
