Reputation:
Chrome extensions, how to uniquely identify extension installation
I am building a Chrome extension that will require a user login.
I suppose I can have the user login and then give them a unique session key to store in their chrome extension localstorage[].
Is there anyway to tell if someone is trying to use someone else's session key on a different computer? Does Chrome have a unique variable somewhere I can access to tell that this wasn't the original chrome installation that was being used when the session key was created? (i.e. force re-login and invalidate the session-key)
Upvotes: 0
Views: 958
Answers (2)
Reputation: 22834
I'm not sure what are your security requirements. But if you just want a very basic level to make a little bit harder to share the login key, than I guess you could do something like this:
- Create a unique random key for the user when he installs your extension.
- Store that key on the localStorage and then match a login key with this unique random key you generated.
- If the unique random key is different than someone else is trying to access the account.
Upvotes: 0
Reputation: 47833
Chrome does not have a unique install key that is accessible through a JavaScript API. Instead you should authenticate users. Google Accounts through OpenId is a recommended method. You can ignore the parts specific to payment.
Upvotes: 2
Related Questions
- Making a unique extension id and key for Chrome extension?
- How to Detect a New Chrome Session in Extension
- Chrome extension id - how to find it
- Unique Session Per Chrome Tab in Extension
- How to securly identify browser-extension
- Chrome extension, unique id per install, for analytics
- How to track session of a browser from chrome extension
- What is the best to identify machine/user in Google Chrome Extention?
- Unique id for each Firefox & Chrome extension installation
- Uniquely identify that a request is coming from a particular installation of my extension