Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
client device ID
#1
Find out the ID of the device on which the client is running?
Situation :
When the client is working with the application, he left the program for a short time and must re-enter the username and password when re-logging in. 
The idea: 
To remember the ID of the device on which the client is working and, if the device ID has not changed when re-logging in, restore authorization without a LOGIN-PASSWORD request

Question: How do I find out the ID of the device on which the client is running?
Reply
#2
Maybe somehow you can find out the browser ID that the client uses? Or some other unique identifier .....
Reply
#3
You mean only mobile devices or any device?

Browsers have very limited access to any hardware related stuff for security reasons. You can save data on the browser's local storage area, and read it back when the application starts, bypassing the login, but this also imposes a security risk (in case someone use that data stored and impersonate the user).

Browser fingerprinting also can be used to identify a user, but it is far from perfect too. For instance, cloned machines (common in corporate environments) can have the same fingerprint.

If you decide to go through this route, I suggest you use multiple techniques to avoid impersonation, but even then it will not be 100% safe. I would never use that in an application exposed to the internet.

Another idea is to use the new oAuth 2.0 feature that we have just implemented. Very easy to skip the login if the user is already connected to their google or microsoft account.
Reply
#4
I proceed from the assumption that when a client has registered in the system, he is alone at the computer or in his hands a mobile device. If the client leaves the personal account by selecting the exit option in the corresponding menu, then in this case the next login to the personal account must be with a login and password request. And if the client leaves the personal account by clicking on some link or as a result of an error or carelessness closing the browser, then in this case I would like to let him into the account without additional login-password requests.

I was interested in the option of saving data in the browser's local storage. Write in more detail how to do this.
Reply
#5
(04-25-2023, 11:16 AM)Сергей Александрович Wrote: Find out the ID of the device on which the client is running?
Situation :
When the client is working with the application, he left the program for a short time and must re-enter the username and password when re-logging in. 
The idea: 
To remember the ID of the device on which the client is working and, if the device ID has not changed when re-logging in, restore authorization without a LOGIN-PASSWORD request

Question: How do I find out the ID of the device on which the client is running?

Almost impossible to ID a physical machine.   I've needed to do that in the past and used cookies.   

ID the "machine" by laying down a unique cookie, then you can check for that ID cookie in the future.  If you need to tie it to a physical machine, create an authorization process to run on that machine to create the cookie initially, then don't allow update/change.   Obviously you'll need to encrypt the cookie contents, but it will work.  SORT OF work.  The problem is that each browser on a machine has its own "cookie space', so there is a "machine" per browser.

Oh, and it is a cookie.  So can be fragile if cookies get nuked.   Not foolproof, but useful.

Dan
Reply
#6
Yes, it fits. Unfortunately, I have never worked with cookies. Could you send an example of how to do this?
Reply
#7
I'll create an example for you showing how to store information in browser's local storage and retrieve it in order to avoid a new login.

Please give me a couple of hours and I'll publish it in our github demo repository
Reply
#8
(05-01-2023, 08:46 PM)Alexandre Machado Wrote: I'll create an example for you showing how to store information in browser's local storage and retrieve it in order to avoid a new login.

Please give me a couple of hours and I'll publish it in our github demo repository

Alexander! I will be very grateful to you for this. Please write the URL of the link, for example, how to do it.
Reply
#9
The problem is solved. If someone is interested in the solution method, then I give it below.

Previously, in the body of the program, after the successful registration of the client, we provide to write the corresponding information to the components with the names lbUserLogin and lbUserPassw.

In the program after successful client registration in ScriptEvents writing:
// Saving data in localStorage
var UserLogin = document.getElementById("LBUSERLOGIN").textContent;
var UserPassw = document.getElementById("LBUSERPASSW").textContent;
localStorage.setItem('UserLogin',UserLogin);
localStorage.setItem('UserPassw',UserPassw);

//Before requesting registration data (Login-Password) from the client, we will check whether these data are available in LovalStorage
in ScriptEvents writing:

var UserLogin = localStorage.getItem('UserLogin');
var UserPassw = localStorage.getItem('UserPassw');
document.getElementById("EDAUTOLOGIN").value = UserLogin;
document.getElementById("EDAUTOPASSW").value = UserPassw;

Next, in the body of the program, we analyze the information in the edAutologin and edAutopassw components and use it to register a client in the system without asking a question to enter registration data.

To reset information in localStorage :
On the "Exit" button in ScriptEvents writing:
// Clear Data in LocalStorage
localStorage.setItem('UserLogin','');
localStorage.setItem('UserPassw','');

Good luck in mastering JavaScript
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)