在 PHP 中创建唯一用户指纹的方法

What is the best way to generate a 'fingerprint' of user unique-ness in PHP?

For example:

  1. I could use a user's IP address as the 'fingerprint', however, there could be multiple other users on the same IP
  2. I could use the user's IP + user agent as the 'fingerprint', however, a single user could simply swap from safari to firefox and again be seen as being unique

Ideally, the fingerprint so label the 'machine' rather than browser or 'ip' but I can't think of how this is achievable.

Open to ideas/suggestions of how you uniquely identify your users, and what advantages/disadvantages your method has.

解决方案

Easiest and best way: use phps session-management - every client is given an ID, stored in a cookie (if enabled) or given as a get-variable on every link and form (alternatively you could set a cookie on your own). But, this only "fingerprints" the browser - if the user changes his browser, deletes his cookies or whatever, you can't identify it anymore.

Identifying every client by IP address is usually a bad idea and won't work. Clients that use the same router will have the same IP addresses - clients connected through a proxy-pool could have another IP address with every page load.

If you need a solution that can't be manipulated by the client in an easy way, try to do a combination of the following, using all that are supported by the clients browser and compare them on each page-load:

  • "normal" HTTP Cookies
  • Local Shared Objects (Flash Cookies)
  • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  • Storing cookies in and reading out Web History
  • Storing cookies in HTTP ETags
  • Internet Explorer userData storage
  • HTML5 Session Storage
  • HTML5 Local Storage
  • HTML5 Global Storage
  • HTML5 Database Storage via SQLite

There's a solution called evercookie that implements all of this.

相关文章