How can i generate unique fingerprint of each client?
I know must use navigator object but some properties like navigator.battery cannot use in this method.
// battery included and unique may change.
var uniqueHash = exampleHash(JSON.stringify(navigator));
How can i generate correct unique fingerprint for each user just using JavaScript and without cookie.
Cross platform and older browser also must be included.
I need list of cross browser supported by navigator.X
Note: I don't want to generate random hash. i want to generate system base hash for each user and i dont wanna save on Cookie or Storage.
How can i generate unique fingerprint of each client?
I know must use navigator object but some properties like navigator.battery cannot use in this method.
// battery included and unique may change.
var uniqueHash = exampleHash(JSON.stringify(navigator));
How can i generate correct unique fingerprint for each user just using JavaScript and without cookie.
Cross platform and older browser also must be included.
I need list of cross browser supported by navigator.X
Note: I don't want to generate random hash. i want to generate system base hash for each user and i dont wanna save on Cookie or Storage.
Share Improve this question asked May 6, 2013 at 15:42 Mohammad Hossein FattahizadehMohammad Hossein Fattahizadeh 2,7315 gold badges35 silver badges50 bronze badges 7- 1 You mean uniquely identifying the surfing user, even if he/she deletes cookies and such? – Stefano Sanfilippo Commented May 6, 2013 at 15:43
- @esseks question updated. See note. – Mohammad Hossein Fattahizadeh Commented May 6, 2013 at 15:45
- 1 Please rephrase the question, I cannot understand what you are asking. You mean to generate an hash which identifies the bination of User Agent + Screen Size + etc. and keep it across all requests without using cookies? – Stefano Sanfilippo Commented May 6, 2013 at 15:49
- @esseks yeah. correct question if have any ambiguous – Mohammad Hossein Fattahizadeh Commented May 6, 2013 at 16:26
- Is this for tracking the user or, for example, for serving different versions of the site based on specific capabilities (screen width...)? – Stefano Sanfilippo Commented May 6, 2013 at 16:31
3 Answers
Reset to default 2How can i generate unique fingerprint of each client?
Short answer is that you can't. It's impossible to do this for every client. You can get close using invasive profiling of the client, but you'll probably only get a unique identifier in around 90-95% of cases.
and i dont wanna save on Cookie or Storage.
Is there a reason you don't want to store data client side? If you told us what you were trying to achieve then maybe we could suggest a better way to solve the problem.
One route that may be worth looking into is using the Mozilla Persona API. It exposes a navigator.id property for consumption. Getting a unique id from a user is as simple as...
navigator.id.get(function(unique_id) {
alert("this is your unique id: " + unique_id);
})
This has the downside of requiring user authorization
Example: http://jsfiddle/aJsL9/1/
Simplest way to keep a session without using cookies is appending a unique hash (maybe a UUID or something similar) to the urls in the page as a get parameter:
/my/fancy/url
bees
/my/fancy/url?HASHCODE
whenever the server receives a request, it capture the HASHCODE if present, otherwise it generates one, and then append it to all links on the served page.
Please bear in mind that the user can manipulate the HASHCODE and you should take that into account when engineering your application.
Anyway, notice that it's quite ugly in the fancy-url era. Also notice that user tracking is a delicate subject and you might incur into legal problems if you do not properly declare it in the TOS.
EDIT: you cannot track a person across multiple web sites without using cookies in any of their variants (flash, session storage, etc.) and a domain shared between sites. No way, you cannot set a variable or cookie from one domain and access it from another one in any decent browser, otherwise it would be a big security hole.
EDIT: Panopticlick cannot be used as a tracking method as you suggested, because it is based on statistical matching and it is also pretty bad at that (try browsing https://panopticlick.eff/ from outside the USA or with the just-released Chrome/Firefox update). It's a good proof concept, but nothing that you can use for this purpose. Also, you would need a whole lot of samples to get statistically relevant results.
EDIT: Browser fingerprint identifying power is weak: many browsers are autoupdating (like Chrome or Firefox) and official builts are very few (20? 40? Maybe a bit more if you count Linux distribution-piled ones), so you will find a consistent portion of users with the same user agent. Add that there is a pletora of consumer PCs with similar configurations.