Tracking without cookies

Tuesday, 10 July 2007

I’ve created a simple script after discussions on a mailing list I’m a member of. The idea was to create a unique identifier without using a full IP address or cookies. It works using javascript to gather information about the browser (screen depth, user agent etc), it then takes all this information and creates a unique hash and returns the length of the hash to create the identifier (between 10-32 characters).

The script assumes the target user would only use one browser and have javascript enabled, I’m not sure if it could be used for production code but I thought it was worth looking into and any feedback would be helpful.

Probe POC

The entry 'Tracking without cookies' was posted on July 10th, 2007 at 2:11 pm and is filed under javascript, php, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

4 Responses to “Tracking without cookies”

  1. streety writes:
    No. 1 — July 10th, 2007 at 11:21 pm

    Maybe I misunderstand what’s happening here but if you’re only looking at the length of the hash wouldn’t this limit you to tracking just (32 – 10 =) 22 people?

  2. Gareth Heyes writes:
    No. 2 — July 11th, 2007 at 10:14 am

    Each user should get a hash based on their browser configuration, so each hash will be different. I was just cutting the length of the hash to get a nicer session id. Instead of a long 32 character session id.

  3. streety writes:
    No. 3 — July 11th, 2007 at 11:12 am

    That makes much more sense than what you actually say in the post.

    “creates a unique hash and returns the length of the hash to create the identifier (between 10-32 characters)”

  4. Gareth Heyes writes:
    No. 4 — July 11th, 2007 at 11:22 am

    Sorry about the confusion but it all I tried to say was it reduced the length of the hash using substring in javascript. I usually type in a hurry 🙂

«
»