Best way to Identify a user uniquely

views:

answers:

+7 Q:

Best way to Identify a user uniquely

I am building a Like/Dislike feature. For this purpose I need to identify the particular user liking or disliking the post. I have an idea that without user logins this cannot be done perfectly, but whats the closest to perfect technique, Issues I have are stated below:

Cookies can be cleared, and vary form browser to browser
Most of the users dont have a dedicated public IP, and their IP keeps on changing for every session
a combo of cookies and IP might also not serve the purpose

So which technique shall I use to implement it ?

The language I am using for this is PHP

+3 A:

I think the best still be a cookie, not perfect , but if you do not want to use login mechanism , cookie is the best.

Haim Evgi 2010-10-13 10:26:37

Yup. Cheaters will cheat, no matter what obstacles you put into their path, and the remaining 99% of your users won't care. Unless you're implementing an electronic election, it's Good Enough.

Piskvor 2010-10-13 10:29:12

@PISKVOR - I AGREE WITH YOU

Haim Evgi 2010-10-13 10:31:37

shall I use some kind of a combo of userIP, Cookies and UserAgent. btw even changing the browser will also let the same user vote twice

Umair 2010-10-13 10:32:56

@Umair: Just the cookie would suffice IMO - the IP address can (and does) change during a single browsing session (3G connections, WiFi).

Piskvor 2010-10-13 10:36:47

You cannot get a perfect unique identity of a user really. Simply imagine a user that has two separate computers with separate browsers and separate internet connections. You will not be able to identify his two connections as being from the same user.

Once you accept this you can go as fancy as you want to. Cookies are generally nice, as although they can be cleared many users don't clear them really. If you are worried about abusive users though, IPs serve you better.

Additionally, you could include browsers' user-agent etc. The more different identification clues you include, the harder it gets to spoof the system. However, you should keep in mind, that you can spend a significant amount of effort for that, yet will never get a perfect solution anyways.

Frank 2010-10-13 10:31:11

you type faster than me ;-)

Francesco De Vittori 2010-10-13 10:32:20

I am thinking about using the IP too but it all comes to the issue that IPs change usually for every session, how about the browser and cookie. That also makes me think that if cookie is present then the browser obviously will be the same

Umair 2010-10-13 10:38:51

+2 A:

A login would be the best, but if you cannot follow that route you could use a combination of cookie, IP and other elements. With a large enough combination of parameters you could identify users with pretty good accuracy (even if not 100%).

This is very interesting and could point you in the right direction.

Francesco De Vittori 2010-10-13 10:31:46

I agree, a login system will keep users unique, at least on a username basis. So if they want to vote twice, they could sign up more than once but usually you can expect that people will get bored with going through a signup process twice.

etbal 2010-10-13 10:55:37

@etbal, I dont have login on tht site

Umair 2010-10-13 11:05:23

Let's consider all the options for identification:

Can't use IP: You have no control over all the NATs and dynamic IPs in between the server and the browser.
Can use cookies: You have almost full control over them. (Best option here)
Can use some sort of 'user' identification: But you don't want to use them here. Instead you can use some variant of it. Make the use enter it's email id. I can't think of any other user identification without user input.

Amit S 2010-10-13 10:53:00

the cookie seems to be a solution that might work, cant ask a user for email address just for liking or disliking something.

Umair 2010-10-13 11:06:53

+3 A:

Recently I read an article about this question and was surprised of how many methods exist for such task. IP and cookies are just "the tip of the iceberg". Look at evercookie, js library that produces "extremely persistent cookies".

galymzhan 2010-10-13 11:00:49

sounds interesting, exploring it right now

Umair 2010-10-13 11:05:59

Also, if you want to dive deeper into theory, check http://panopticlick.eff.org/ and links on that site.

galymzhan 2010-10-13 11:09:47

just tested evercookie, works well atleast on the demo site. am about to give it a try on a test page

Umair 2010-10-13 11:28:26

Given enough information you should be able to uniquely identify most browsers. This doesn't stop people from changing browsers. The link below explains more.

https://panopticlick.eff.org/

The best thing to do is to integrate facebook like.

Bellyboy 2010-10-13 11:13:23

Hi,

If you didn't already you should see what flash cookies have to offer - http://en.wikipedia.org/wiki/Local_Shared_Object

In my opinion these are closest to what you need.

Alin Purcaru 2010-10-13 11:19:08

ansaurus

tags:

views:

answers:

Best way to Identify a user uniquely

related questions