user517491

HTTP server can check whether two different requests are from the same end machine

Is there a way, other than cookies/sessions (the user can clear them), which allows an HTTP server to check that two different requests are from the same END-POINT MACHINE? I have googled a lot, but a lot of the results propose the use of cookies, while others say to check the IP address of the remote machine. The problem is that the server cannot get the IP address of the END-POINT MACHINE; it gets the IP of the proxy server, blah blah, etc.

PS: In my scenario, the IP addresses of all users will not change. Please help me out.

UPDATE: One-time passwords need to be provided by the user, and CSRF protects the integrity of essentially one transaction -- whereas I need a solution where the user does not have to enter anything, and the server can know whether two DIFFERENT HTTP REQUESTS are from the same or a different client machine.

UPDATE2: Guys, I have started a bounty of +300 points for a valid solution -- come on, isn't there a solution? Be it a challenge....

Upvotes: 3

Views: 353

Answers (2)

e.dan

Reputation: 7507

I am not aware of a 100% accurate solution, but you should take a look at the following:

http://panopticlick.eff.org/

They performed an informal test of browser-fingerprinting techniques and wrote a paper detailing the results, which appear to be on the order of 80%-90% accuracy in unique identification of browsers.

You may also want to google "evercookie" (written by Samy of the MySpace "samy worm" fame) to learn about techniques for implementing hard-to-remove cookies. Be aware that there may be legal issues with uniquely identifying users without their consent.

Upvotes: 1
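
An added example, not part of either answer: a server-side sketch of the passive part of browser fingerprinting, hashing request headers (cookies excluded) and counting how many observed clients share the result, which is what limits it for identical machines behind one proxy. The header selection, function names and sample requests are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Headers the server sees on every request with no client-side script.
# The choice of headers is an assumption of this sketch.
PASSIVE_HEADERS = ("user-agent", "accept", "accept-language", "accept-encoding")


def fingerprint(headers):
    """Hash the selected request headers; cookies are deliberately ignored."""
    norm = {k.lower(): v.strip() for k, v in headers.items()}
    material = "\n".join(f"{h}={norm.get(h, '')}" for h in PASSIVE_HEADERS)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def compare(req_a, req_b, seen):
    """Return (match, sharers, bits) for two requests.

    sharers: how many clients in `seen` have the matching fingerprint.
    bits: surprisal of that fingerprint; low bits means a match is weak evidence.
    """
    fp_a, fp_b = fingerprint(req_a), fingerprint(req_b)
    if fp_a != fp_b:
        return (False, 0, 0.0)
    sharers = Counter(fingerprint(r) for r in seen)[fp_a]
    bits = -math.log2(sharers / len(seen)) if sharers else 0.0
    return (True, sharers, bits)


# Constructed sample requests (not real traffic).
OFFICE = {"User-Agent": "ExampleBrowser/1.0 (OfficeImage)", "Accept": "text/html",
          "Accept-Language": "en-US", "Accept-Encoding": "gzip"}
HOME = {"User-Agent": "OtherBrowser/2.3 (Laptop)", "Accept": "text/html,*/*",
        "Accept-Language": "de-DE,en;q=0.5", "Accept-Encoding": "gzip, br"}
# Same laptop before and after the user cleared cookies.
HOME_WITH_COOKIE = {**HOME, "Cookie": "sid=constructed"}
HOME_NO_COOKIE = dict(HOME)
# Eight clients seen so far: four identical office machines behind one proxy,
# the laptop, and three other distinct browsers.
SEEN = [OFFICE] * 4 + [HOME] + [{**HOME, "Accept-Language": f"x-{i}"} for i in range(3)]

if __name__ == "__main__":
    print(compare(HOME_WITH_COOKIE, HOME_NO_COOKIE, SEEN))  # unique among SEEN
    print(compare(OFFICE, dict(OFFICE), SEEN))              # shared by four machines
```

A match on a fingerprint shared by several clients says only that the two requests came from similarly configured browsers, not from the same machine.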

symcbean

Reputation: 48387

Have a google for one time passwords and CSRF prevention.

Upvotes: 0
