I know not exactly how to ask this appropriately and where. I tried searching around and visited various (paid) solutions, but I would require a simple solution.
For a scientific work of mine I want to track user interactions or basically button clicks on a simple React site like this example I made http://flock-1401.students.fhstp.ac.at/
Assume the user visits the provided link above, then I want to create a log on a server (maybe nodejs self-hosted) where the user's interaction is tracked with a unique session to distinguish them. At most, there will be 150 users active.
I tried to use the following library:
https://github.com/react-ga/react-ga
However, I tend to not use Google Analytics as I don't need all the included stuff there. Maybe something like this https://github.com/greenstick/interactor? But how do I automatically save it then?
Thank you
I believe some users on my site are using IP masks to create more than one account. Due to the nature of my site/game it's against the rules and I need to remove players like this.
I currently track their IP, host, browser type and such with PHP, I also use javascript/jquery to get their screen size. I also have a little script set up that tells me if their coming through a forwarding service. It says this certain player is although his IP doesn't match any proxy lists I've come across.
Basically I'm looking for any other info I can collect that I can compare and determine if a suspect player is actually another players second account. Any suggestions?
The only thing i can think of is using telephone number as part of subscription process. And sending some sort of verification code via SMS.
Also you can start setting cookies.
And is it possible to imagine some sort of detection as part of your game/application. Like you add some game elements that would expose suspects to some secret knowledge. Setup honeypots. Like you show some secret 'cheat' codes or specific link/location to one suspected double and not to the other. Then if the other tries to use that info - you got him... Basically build some sneaky intelligence into your app
Combining these with all the other detection techniques, could make it very close to 100% bulletproof and can be a lot of fun.
I need to develop an application that registers the device/browser that the user is using. Such as banks or better yet FB does. So for example when a person logs in the application checks to see if they have logged in using that device/browser before. If not then have them go through a verification process.
The application will be built in .Net 4, Asp.Net MVC, js, jQuery, etc..
I hoping to get some advice on what others have used to accomplish this task.
EDIT
Thanks for the comments.
Ok, so basically, if am understanding correctly, both suggestions would mean storing a uniqueid in a cookie/localStorage on a Laptop/Device and also in my DB so i can recognize it in the future.
I was hoping, to be able to get a unique ID from the machine/device that is static and specific to machine/device so that I can use to track it. My concept would mean that a user would have several devices/machines that i have logged in from.
I will also be capturing the IP but i don't want to use that Key to identifying a user.
The chances of getting a precisely unique identifier from a browser is slim to none. There are many privacy risks associated with browsers providing a unique identifier string. However, you can always generate a random GUID for a session a user establishes, and store it either as localStorage or as a cookie.
Say, a link to a person is sent to a user via email. If the person is already logged into the webpage in his/her browser, clicking on the link takes him/her to the page. However, if he/she is not logged in, he/she should be asked to login in order to access the page. Is there a way to achieve the above functionality using jquery, javascript?
Yes. Build a back-end authentication system, using AJAX and whatever your server-side language is.
From there, develop a hypermedia-style of content-system, and a modular, "widget"-based application delivery model.
Within your hypermedia responses to login (plus passing whatever relevant path information was gained from the e-mail), either redirect the page to a new page (based on the linked response from the server), or download the widgets requested from the server (for whatever application you're displaying media in), and then stream in AJAX content (again, from a URL dictated by the server-response).
This is about as close as you're going to get to security, in terms of delivering things to the client, in real-time, with authentication.
If you were to load the reports/gallery/game/whatever, and put a div over it, and ask for users to log in, then smart users can just kill the div.
If you include the content, or include the application components (JS files), or even include the links to the JS files which will request and display the content, then clever people are again going to disassemble that, in 20 seconds, flat.
The only way I can see to do this is to have a common request-point, to touch the server, and conditionally load your application, based on "next-steps" URLs, passed to the client, based on successful authorization and/or successfully completing whatever the previous step was, plus doing authentication of some form on each request (REST-based tokens+nonces, or otherwise)...
This would keep the content (and any application-structure which might have vulnerabilities) from the client, until you can guarantee that the client has been properly authorized, and the entire application is running inside of multiple enclosed/sandboxed modules, with no direct access to one another, and only instance-based access to a shared-library.
Is it worth the work?
Who knows.
Are we talking about a NORAD nuclear-launch iPhone app, which must run in JavaScript?
Then no, engineering this whole thing for the next six months isn't overboard.
And again, all of this security falls over as soon as one person leaves themselves logged-in, and leaves their phone on the table (biometric authentication as well, then?).
Are we talking about a gallery or discount-offers that you want to prevent people to log into, so you know that only the invited people are using them?
Well, then an 18-month project to engineer, develop, debug and deploy a system like this is probably going to be overkill.
In this case, perhaps you can just do your best to prevent the average person from stealing your content or using your cut-prices, and accept that people who take the time to dig into and reverse-engineer everything are going to find a way to get what they want, 95 times out of 100.
In that case, perhaps just putting a login div overtop of the page IS what you're going to be looking for...
If you're dealing with, say a company back-end, or with company fiscals or end-user, private-data, or anything of the sort, then aside from meeting legal requirements for collection/display/storage, how much extra work you put into the security of the system depends on how much your company's willing to pay to do it.
If it makes you feel better, there are companies out there that pay $60,000-$150,000 a year, to use JS tracking/testing programs from Adobe. Those programs sit right there, on the webpage, most of the time, for anybody to see, as long as you know where to look.
So this isn't exactly an unknown problem.
Yes it is. By authenticating (login) you can store a "loggedIn" cookie which you have to delete by session end (logout or closing the browser). You can use that cookie to check if somebody is logged in or not. If not logged in, than you can display the login page and send the login request with ajax. Btw it is not a good practice to use hybrid applications like that. It is better to use SPA-s with REST service, or implement this on server side.
Since most visitor count services are based on measuring public sites I am not able to use such services.
My goal is to measure how many unique visitors are surfing on a specific Intranet site per day. The problem is that I have very litte technical possibilities since I was provided with a simple IIS web space. This means that I can only use HTML5 and JS (This site will only be accessed by iPads). Maybe there is a new HTML5 feature I am missing?
Thanks for any tips and hints.
Unique visits have to be tracked on the back end. You'll need to be able to use some server side code to track people, html and JS have no idea of unique visitors they run on the client side, so its basically static in that sense, a users computer has no idea of who else is using the site.
You'll have to use some type of backend language. (c#, PHP, VB, ...etc whole bunch of them)
You will also have to know what makes each user unique, maybe IP, but your on the intranet, that maybe the same for everyone.
You could simply have code that gets the unique id(maybe the IP), checks a text file, if its not in the text file add it to a new line, then just count the lines.