This site covers pretty much every piece of information you can use to distinguish individuals through a browser.

该站点几乎涵盖了您可以用来通过浏览器区分个人的所有信息。

https://panopticlick.eff.org/

https://panopticlick.eff.org/

JavaScript, Java and Flash help a lot.

JavaScript、Java 和 Flash 有很大帮助。

easiest and best way: use phps session-management- every client is given an id, stored in a cookie (if enabled) or given as a get-variable on every link and form. (alternatively you could set a cookie on your own). but: this only "fingerprints" the browser - if the user changes his browser, deletes his cookies or whatever, you can't identify it anymore.

最简单和最好的方法：使用 phps会话管理- 每个客户端都被赋予一个 id，存储在 cookie 中（如果启用）或作为每个链接和表单上的 get 变量给出。（或者，您可以自己设置 cookie）。但是：这只是浏览器的“指纹”——如果用户改变了他的浏览器，删除了他的 cookie 或其他什么，你就无法再识别它了。

identifying every client by ip is usually a bad idea and won't work. clients that use the same router will have the same ip's - clients connected through a proxy-pool could have another ip with every page load.

通过 ip 识别每个客户端通常是一个坏主意，而且行不通。使用相同路由器的客户端将具有相同的 ip - 通过代理池连接的客户端可以在每个页面加载时拥有另一个 ip。

if you need a solution that can't be manipulated by the client in an easy way, try to do a combination of the following, using all that are supported by the clients browser and compare them on each page-load:

如果您需要一个无法由客户端以简单方式操作的解决方案，请尝试执行以下组合，使用客户端浏览器支持的所有内容并在每个页面加载时进行比较：

• "normal" HTTP Cookies
• Local Shared Objects (Flash Cookies)
• Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
• Storing cookies in and reading out Web History
• Storing cookies in HTTP ETags
• Internet Explorer userData storage
• HTML5 Session Storage
• HTML5 Local Storage
• HTML5 Global Storage
• HTML5 Database Storage via SQLite

• “普通”HTTP Cookie
• 本地共享对象（Flash Cookies）
• 使用 HTML5 Canvas 标签将 cookie 存储在自动生成的、强制缓存的 PNG 的 RGB 值中以读取像素（cookie）
• 存储 cookie 和读取网络历史记录
• 在 HTTP ETag 中存储 cookie
• Internet Explorer 用户数据存储
• HTML5 会话存储
• HTML5 本地存储
• HTML5 全局存储
• 通过 SQLite 存储 HTML5 数据库

there's an solution called evercookiethat implements all of this

有一个名为evercookie的解决方案可以实现所有这些

Achieving 100% reliability is not guaranteed, but combining some common methods can give you meaningful results

无法保证达到 100% 的可靠性，但结合一些常用方法可以为您提供有意义的结果

• Users generally don't switch browsers. Over-complication in your algorithm only to reach engineering perfection is not worth the effort.
• You certainly belong to the top 100 websites if you can expect multiple users from the same IP. Don't take it personal, but you're just not that popular.

• 用户通常不会切换浏览器。仅仅为了达到工程完美而使算法过于复杂是不值得的。
• 如果您可以期待来自同一 IP 的多个用户，那么您当然属于前 100 个网站。不要把它个人化，但你只是不那么受欢迎。

Take the simplest possible route that could work and adjust over time if it seems necessary.

采取可行的最简单的路线，并在必要时随着时间的推移进行调整。

There's something else to take in account, the public IP Address of a user is something that also can change in every page load.
There are multiple organizations that switch public IP's in they routers to balance traffic.

还有一点需要考虑，用户的公共 IP 地址也可以在每次页面加载时更改。
有多个组织在其路由器中切换公共 IP 以平衡流量。

I have three different computers, various handheld devices, and many of them have different browsers installed. I use all these interchangeably at home take them with me other places so, basically, on various IP addresses. What I'm trying to point out is that fingerprinting a browser or a machine for that matter is never going to be foolproof if your goal is to block a person.

我有三台不同的电脑，各种手持设备，其中许多都安装了不同的浏览器。我在家里交替使用所有这些，把它们带到其他地方，所以，基本上，在各种 IP 地址上。我想指出的是，如果您的目标是阻止一个人，那么对浏览器或机器进行指纹识别永远不会万无一失。

I recommend you take a different approach. Judge based on the inconclusive information you have available that suggests the identity of your banned user (same IP or same user-agent if it's a uncommon one or else some of the javascript browser fingerprinting methods such as available fonts, available plugins, non-standard window size, etc.) and require of those suspect visitors some higher form of identity verification -- such as oauth with Facebook, Google+, or Twitter. Then you can look to see if that social media account is genuine or created just to circumvent. There are also phone verification APIs in case your user base isn't social-media savvy and depending on how valuable it is to you that users don't circumvent banning.

我建议你采取不同的方法。根据您可用的非决定性信息来判断您被禁止的用户的身份（如果不常见，则使用相同的 IP 或相同的用户代理，或者其他一些 javascript 浏览器指纹识别方法，例如可用字体、可用插件、非标准窗口大小等），并要求那些可疑访问者进行某种更高形式的身份验证——例如使用 Facebook、Google+ 或 Twitter 进行 oauth。然后，您可以查看该社交媒体帐户是真实的还是仅为规避而创建的。还有电话验证 API，以防您的用户群不精通社交媒体，这取决于用户不规避禁令对您的价值。