04-26-2023, 08:49 PM
(This post was last modified: 04-26-2023, 08:53 PM by Alexandre Machado.)
You mean only mobile devices or any device?
Browsers have very limited access to any hardware related stuff for security reasons. You can save data on the browser's local storage area, and read it back when the application starts, bypassing the login, but this also imposes a security risk (in case someone use that data stored and impersonate the user).
Browser fingerprinting also can be used to identify a user, but it is far from perfect too. For instance, cloned machines (common in corporate environments) can have the same fingerprint.
If you decide to go through this route, I suggest you use multiple techniques to avoid impersonation, but even then it will not be 100% safe. I would never use that in an application exposed to the internet.
Another idea is to use the new oAuth 2.0 feature that we have just implemented. Very easy to skip the login if the user is already connected to their google or microsoft account.
Browsers have very limited access to any hardware related stuff for security reasons. You can save data on the browser's local storage area, and read it back when the application starts, bypassing the login, but this also imposes a security risk (in case someone use that data stored and impersonate the user).
Browser fingerprinting also can be used to identify a user, but it is far from perfect too. For instance, cloned machines (common in corporate environments) can have the same fingerprint.
If you decide to go through this route, I suggest you use multiple techniques to avoid impersonation, but even then it will not be 100% safe. I would never use that in an application exposed to the internet.
Another idea is to use the new oAuth 2.0 feature that we have just implemented. Very easy to skip the login if the user is already connected to their google or microsoft account.