I am actually trying to detect a person using a computer, just like Facebook. Whenever you sign in to Facebook using a different machine, it detects the new machine and asks you t
This process has very little to do with cookies, it's called fingerprinting.
Basically, you can look at the functionality and support of your browser and there is a likelihood that the combination will be somewhat unique.
You can test this out here: https://panopticlick.eff.org
JavaScript example, but the theory can be transposed to any language: http://valve.github.io/fingerprintjs2/
Using this in combination with cookies is the best way to detect unique devices. Store the fingerprint in a hidden field when you log in and check that against the available fingerprints you've already got.
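The check described in the answer above, sketched server-side as an added example (it is not code from the answer, from fingerprintjs2, or from Facebook). The attribute names, the device-record shape, the 0.8 threshold and the sample devices are all assumptions made for illustration.

```javascript
const { createHash } = require('node:crypto');

// Attributes a client-side script could report (hypothetical field set).
const FIELDS = ['userAgent', 'platform', 'timezone', 'screen', 'language', 'fonts'];

// Stable fingerprint: SHA-256 over the attributes in a fixed order.
function fingerprintHash(attrs) {
  const canonical = FIELDS.map(f => `${f}=${String(attrs[f] ?? '')}`).join('\n');
  return createHash('sha256').update(canonical).digest('hex');
}

// Fraction of attributes that still match a stored device record.
function similarity(a, b) {
  const same = FIELDS.filter(f => String(a[f] ?? '') === String(b[f] ?? '')).length;
  return same / FIELDS.length;
}

// knownDevices: [{ cookieId, hash, attrs }] stored per user on the server.
// The fingerprint is client-reported, so it is a signal, not proof of identity.
function classifyLogin(knownDevices, cookieId, attrs, threshold = 0.8) {
  const byCookie = cookieId && knownDevices.find(d => d.cookieId === cookieId);
  if (byCookie) {
    // Cookie present: tolerate small drift (e.g. a browser update), but a
    // large mismatch suggests the cookie is now on a different machine.
    return similarity(byCookie.attrs, attrs) >= threshold ? 'known' : 'challenge';
  }
  // Cookie cleared: only an exact fingerprint match counts as the same device.
  const hash = fingerprintHash(attrs);
  return knownDevices.some(d => d.hash === hash) ? 'known-reissue-cookie' : 'new-device';
}

// Constructed sample data, not real devices.
const MACBOOK = { userAgent: 'UA-mac/1.0', platform: 'MacIntel', timezone: 'Europe/Stockholm',
                  screen: '1440x900x24', language: 'sv-SE', fonts: 'Helvetica,Menlo' };
const DELL = { userAgent: 'UA-win/1.0', platform: 'Win32', timezone: 'Asia/Tokyo',
               screen: '1920x1080x24', language: 'en-US', fonts: 'Arial,Consolas' };
const KNOWN = [{ cookieId: 'dev-c1', hash: fingerprintHash(MACBOOK), attrs: MACBOOK }];

console.log(classifyLogin(KNOWN, 'dev-c1', MACBOOK)); // same cookie, same machine
console.log(classifyLogin(KNOWN, null, DELL));        // no cookie, unseen machine
```

A 'challenge' or 'new-device' result is where a site would ask the user to confirm or name the device before storing a new record.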
I recently tried this myself with the following results:
MACBOOK = My laptop
DELL = My friend's laptop
I logged in to Facebook on MACBOOK in SWEDEN, and was asked to name the device.
My friend logged in to Facebook on DELL in SWEDEN and was asked to name the device.
We both went to JAPAN.
I logged in to Facebook on MACBOOK in JAPAN, I was not requested to name the device again.
My friend logged in to Facebook on DELL in JAPAN, and was not requested to name the device again.
I logged in to Facebook on DELL in JAPAN, and was asked to name the device.
So, from that I conclude two different options:
Since 2. is never achievable without you installing plugins or whatnot, we are left with 1.
Exploring the cookies I have with Facebook, I discover 13 of them. Using Google Chrome for this is really useful. Just go to chrome://settings/cookies and you'll get a list.
The Facebook cookie named "lu" contains the following information:
Name: lu
Content: (data)
Domain: .facebook.com
Path: /
Send For: Any kind of connection
Accessible to Script: No (HttpOnly)
Created: Thursday, June 9, 2011 8:58:10 PM
Expires: Saturday, June 8, 2013 8:58:10 PM
This is the only cookie they have that doesn't expire on browser close, the same day or a few days ahead. My educated guess would be that (data) would consist of the device information they check for this feature.
I would also guess that they store the information in their database, and upon logging in they match the data against you again. If you match in certain predefined ways (like, both the IP address and the browser are still the same), you automatically get approved. This would explain why you could format your computer and still have the device approved.
I am guessing that if you delete all cookies and then move to a different internet provider, you would be required to register the device again.
Facebook uses cookies to detect new devices. Deleting all cookies will lead Facebook to ask you to name your new device. Facebook has some tolerance for deleted cookies. For instance, deleting the long-living cookies has no effect if session cookies are set and you are already logged in.
In addition, Facebook seems to use the IP to detect when the user logs in far away from their usual location.
Facebook may detect the machine by OS and computer name.
To get the remote machine's computer name:
Get Client Machine Name in PHP
To get the remote machine's OS:
Get operating system info with PHP
The obvious answer is cookies plus IP address.
However, as you say, IP addresses can change and cookies can be cleared by the user.
There are in fact a whole load of ways to determine information about a user's machine, ranging from the browser ID to detecting the list of fonts installed on the computer. A recent experiment managed to show that without using cookies, it was possible for them to detect unique computers with quite a good degree of accuracy.
However, it's highly unlikely that you'd need to do all of that -- most sites that do this just use cookies, and live with the fact that they can be reset. After all, if the user has cleared their cookies, they are expecting sites to forget who they are.
Also, pretty much any technique you use to identify people will be perceived as an invasion of the user's privacy (even cookies have this image for many people, because of abuse by advertising companies, hence why browsers allow them to be cleared).
I don't know if Facebook uses this method, but an obvious method is simply testing for a cookie and setting it if it isn't there.