11-07-2007, 01:17 PM
|
#8 (permalink)
|
|
The Addict
Join Date: Nov 2007
Posts: 282
Thanks: 61
|
Quote:
Originally Posted by bluesaga
Yea, you can create a pretty good hash of a user though from all the information combined, but to be honest you should never go by any information that is sent by the user. Including potential headers, ip's etc, majority of things like that can be spoofed.
Its best to create a session, and simply have the user login again if they don't have the cookie.
|
Only way I'd use a fingerprint is to check if this user has changed browsers and ip's more then one then he would have to verify his account on next page view and change his password.(Good idea for a project if anyone likes it) |
|
|
|