Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Uniquely Identify a Machine

Status
Not open for further replies.
Kirsle

Kirsle

Programmer
Jan 21, 2006
1,179
0
0
US
I was wondering if anybody knows how to uniquely identify a user's machine? I know it's possible to do, because I've seen other sites do it, but am not sure exactly how to do it.

Case in point:

Chase.com (JP Morgan Chase Bank), if you make an account to do your banking online, and sign in using a computer in which you haven't signed in before, it needs you to verify the login, by sending you an activation code by e-mail or text message. Once you activate once on that machine, you can log in at any later time and not be prompted again for activation... but then if you log on from a different machine, you need to reactivate on that particular machine.

At my college, most of the computers are pretty much identical... they all have the same hardware in them. If I sign in to Chase.com on one computer, it asks me to do the activation, and then if I sign in on another computer (using the same web browser and everything), it asks me again to activate.

How does a CGI script find out enough unique information about a computer? It can't be going by the IP address, because in my school's network, we all have the same external IP. Do they just use persistent cookies, or is there some other way?

Thanks in advance.

-------------
Cuvou.com | The NEW Kirsle.net
 
Sort by date Sort by votes
dump the cookies from a pc that has been activated and see what happens. My guess is it's done with cookies.

------------------------------------------
- Kevin, perl coder unexceptional! [wiggle]
 
Upvote 0 Downvote
After I posted, I opened Internet Explorer 6 (ies 4 linux), and logged in to chase.com there and it asked me for the activation code...

On Firefox (the browser I usually use), I entered this address from the chase website:

Code: 
javascript:alert(document.cookie);

It gave me a list of all the cookies. To test it, I went and cleared all my cookies, so that "document.cookie" returned blank. I logged in again (through Firefox), and it did not ask for activation again. So, it seems that even by clearing the cookies, Chase doesn't forget about my "unique machine" when I use Firefox again.

I imagine the same would apply on IE if I would've done the activation thing, cleared my cookies, and then went back and logged in again.

So, cookies might be part of it, but I don't think it relies solely on cookies. It can't rely on IP address and user-agent, though, because the same browser from the same network, but on a different computer, needs to reactivate.

-------------
Cuvou.com | The NEW Kirsle.net
 
Upvote 0 Downvote
A Google search just returned this article:


I guess it takes a lot of use of either HTTP headers or JavaScript to collect a bunch of information, but their example about that bank site sounds a lot like how Chase is doing it.

-------------
Cuvou.com | The NEW Kirsle.net
 
Upvote 0 Downvote
They could be using some rather elaborate combination of information but I really doubt they are using the CSS hack, that is not even possible with some browsers and is something I serioulsy doubt a bank would rely on. You could see if they were because it requires javascript to work.

------------------------------------------
- Kevin, perl coder unexceptional! [wiggle]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

213wayne
  • Locked
  • Question
Changing the IP address of a server using CGI bash commands
Replies
1
Views
117
feherke
feherke
twowheelin
  • Locked
  • Question
Can't run a java tool in my CGI Script
Replies
0
Views
101
twowheelin
twowheelin
kkarlekar
  • Locked
  • Question
start a streaming session to a web server using HTTP connect protocol.
Replies
1
Views
121
MillerH
MillerH
khanUlm
  • Locked
  • Question
Redirect to another page using cgi
Replies
0
Views
115
khanUlm
khanUlm
CHARTPAPER
  • Locked
  • Question
get information from POST to a cgi ksh (not pearl)
Replies
1
Views
28
feherke
feherke

Part and Inventory Search

Sponsor

Back
Top