I want to make a website that I thought up, but I don't want to have the users register. Instead, I want some sort of unique id that can be retrieved using PHP. This unique ID could be to be with the network they are using, or their computer.
One idea I was thinking of was getting the users HWID and using that. Would that be possible?
Can someone give me the advantages and disadvantages of doing this, and also give me some examples of what I could use?
分享 What you're describing is very similar to PHP sessions. A user is given a unique ID, and on the server side the unique ID is assigned variables (in the form of the $_SESSION superglobal). The user will then send the unique ID with every request (be it with a cookie or a get variable), and PHP will fetch the variables and set the proper $_SESSION array.
This is somewhat problematic in terms of security. The session ID can be stolen (over insecure WiFi for instance), and then the server will wrongly identify the attacker as the victim (in case of administration and limited access, this is problematic). Nothing beats a good username/passphrase combo to secure an area.
If no sensitive information is stored, than by all means sessions are a very good solution.
See the PHP manual about sessions.
You should note though, if the user will erase his cookies (if the session ID is transferred via a cookie), or clear the URL from variables (in case of GET variable), the session will expire, and the user will no longer be recognized. A server cannot absolutely identify a client. What if the user would format/switch computers? Or what if he wishes to use your service from another computer? If those are the cases, then you want to use a registration and login system.
分享
