带有 PHP 的设备的唯一 ID
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19082152/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Unique ID for a device with PHP
提问by lorenzo83
In order to avoid that the same device post a request, how is it possible to get an unique ID for all mobile devices with PHP?
为了避免同一个设备发出一个请求,怎么可能用PHP为所有移动设备获取一个唯一的ID?
回答by siergiej
It is not easy to reliably identify a client's device:
可靠地识别客户端的设备并不容易:
- You may set a cookie, but user can forge, modify, or delete it.
- You may try to track an IP, but user may use VPN, Proxy, or have dynamic IP; Also he may be a part of a local network and your code could potentially affect multiple users
- You may try flash cookies, but these are manageable too; not to mention user may not have flash installed
- You may try to use browser fingerprinting, but user may switch to a different browser, install a plugin, or simply change a few settings
- You may try to obtain MAC address, but well... this will fail too
- 您可以设置cookie,但用户可以伪造、修改或删除它。
- 您可能会尝试跟踪 IP,但用户可能会使用 VPN、代理或拥有动态 IP;他也可能是本地网络的一部分,您的代码可能会影响多个用户
- 您可以尝试flash cookies,但这些也是可以管理的;更何况用户可能没有安装闪存
- 您可以尝试使用浏览器指纹识别,但用户可能会切换到不同的浏览器、安装插件或只是更改一些设置
- 您可能会尝试获取 MAC 地址,但是...这也会失败
Your best shot is to enforce registration, and assume one account = one user;
最好的办法是强制注册,并假设一个帐户 = 一个用户;
Your second best shot would be to just cookie a device, and rely on that cookie. Sure - savvy users will quickly figure it out, but you will cover most non-savvy users; Also that's what google do for tracking users.
您的第二个最佳选择是仅对设备进行 cookie,并依赖该 cookie。当然 - 精明的用户会很快弄明白,但您将涵盖大多数不精明的用户;这也是谷歌跟踪用户的方式。
I don't know what do you want to achieve, but if it's user tracking then think about it that way: if mighty google relies on authentication + cookies then why don't you?
我不知道您想要实现什么,但是如果是用户跟踪,那么请这样想:如果强大的 google 依赖于身份验证 + cookie,那为什么不呢?
If, on the other hand, you have a service, and want to limit usage to one trial account per user, then simply forget about it - most users will always figure out a way to create another free account, why don't you give them a lot of good reasons to pay instead?
另一方面,如果您有一项服务,并希望将每个用户的使用限制为一个试用帐户,那么只需忘记它 - 大多数用户总会想出一种方法来创建另一个免费帐户,您为什么不给他们有很多好的理由来支付吗?
Update
更新
Another trick:
另一个技巧:
http://www.radicalresearch.co.uk/lab/hstssupercookies/
http://www.radicalresearch.co.uk/lab/hstssupercookies/
Because HSTS is a security feature and isn't intended to be used for tracking, web browsers treat it differently from cookies. It is only by intentional misapplication that HSTS can be exploited to track users.
Because HSTS is a security feature and isn't intended to be used for tracking, web browsers treat it differently from cookies. It is only by intentional misapplication that HSTS can be exploited to track users.
