Unique ID for a device with PHP

Question

In order to avoid that the same device post a request, how is it possible to get an unique ID for all mobile devices with PHP?

Answer 1

It is not easy to reliably identify a client's device:

1. You may set a cookie, but user can forge, modify, or delete it.
2. You may try to track an IP, but user may use VPN, Proxy, or have dynamic IP; Also he may be a part of a local network and your code could potentially affect multiple users
3. You may try flash cookies, but these are manageable too; not to mention user may not have flash installed
4. You may try to use browser fingerprinting, but user may switch to a different browser, install a plugin, or simply change a few settings
5. You may try to obtain MAC address, but well... this will fail too

Your best shot is to enforce registration, and assume one account = one user;

Your second best shot would be to just cookie a device, and rely on that cookie. Sure - savvy users will quickly figure it out, but you will cover most non-savvy users; Also that's what google do for tracking users.

I don't know what do you want to achieve, but if it's user tracking then think about it that way: if mighty google relies on authentication + cookies then why don't you?

If, on the other hand, you have a service, and want to limit usage to one trial account per user, then simply forget about it - most users will always figure out a way to create another free account, why don't you give them a lot of good reasons to pay instead?

Update

Another trick:

http://www.radicalresearch.co.uk/lab/hstssupercookies/

Because HSTS is a security feature and isn't intended to be used for tracking, web browsers treat it differently from cookies. It is only by intentional misapplication that HSTS can be exploited to track users.