CODEWITHSUNDEEP
javascriptnode.jsexpress
Patrickkx
Patrickkx

Reputation: 1870

Visits counter in NodeJS

I have my app in NodeJS. I have n of subpages with images. I want to display how many times did someone visit specified image.

My approach is kinda very simple. Basically, with every /get Im incrementing a field in database (treat it like a pseudo code):

app.get('/image/:id', (req, res) => {
   db.find((elem) => elem.id === req.id).update((elem) => elem.counter++);
})

It works. However the problem is about uniqueness. If I enter that route and hit reload ten times, the counter will be incremented by 10. It's pointless.

Question: how can I check if specified user already been on that site, so the counter would not increment?

app.get('/image/:id', (req, res) => {
   if (user is first time on site) {
      db.find((elem) => elem.id === req.id).update((elem) => elem.counter++);
   }
})

There are nodejs libraries, like express-limiter which are storing IP's somehow, so they won't let someone send the same request in specified time period. Should I do the same and store IP's? Is there any easier way to do it? Thank you

Upvotes: 0

Views: 1272

Answers (2)

Mavi Domates
Mavi Domates

Reputation: 4521

Unique user is a hard problem to solve. And contrary to what you think, even the big companies (unless they own the browser) don't have this 100% sorted because it's not possible to solve it with today's tech entirely.

You should read these:

For the sites which doesn't require sign-in, this is done through bunch of parameters, it would be generally a combination of these.

  • IP Address: One of the most primary things that you'd use, but also as previously mentioned, might resolve to multiple users. Also it can change.
  • Cookies: To mark the session. However cookies can be disabled / cleaned.
  • Browser specifics: Like the user agent / OS / build version / if you have it / additional plugins etc...

All of these are good when they are combined and stored in a way which you can make assumptions about the user (ex: in case a cookie is deleted), you can get a pretty accurate result, but all of those parameters could change over night and you can't really detect that user as an already visited user deterministically. Realistically you need something like machine_id+local_user_id to be able to do that. As I said, browsers can do this, but this would cause a lot of problems in terms of privacy, so I'd doubt anyone would be taking that route.

I would imagine in Google's / Apple's case if a user is using their services through their own respective browsers, they might be able to map it even further, even for the unauthenticated user, given their telemetry from their browser + their websites, but that's probably as far as it goes.

Never assume that user is ok with this. It's best to check with your users through your UI - cookie consent / user information storage is a very serious subject and you can get into a ton of trouble if you don't design it the right way.

Upvotes: 2

Matt Morgan
Matt Morgan

Reputation: 5303

There's no completely foolproof way to do this. You could:

  1. Store IP addresses, but that consolidates all visits from any IP, EG a network at an institution or business.
  2. Manage sessions. Check each request for a cookie, and create a session for users you haven't seen before. The problem here is that when users clear their cookies, you lose the ability to identify them next request.

Whatever strategy you use, you would need to store that information somewhere persistent, like a database, so you could fetch it and display or increment it.

Upvotes: 2

Related Questions