跟踪未登录的用户 [英] Track a user that is not logged in

问题描述

是否可以在不使用会话或cookie的情况下跟踪未登录的用户?有没有更可靠的方法?
就像www.filefactory.com或其他类似的下载空间网站一样，他们可以跟踪您是否是免费用户并发送下载请求，在开始下一次下载之前，您必须等待x时间，我认为它使用了会话或cookie，但在清除会话后和Cookie或更改IP地址，还是一样.

Is it possible to track not logged in user without using session or a cookie? Is there a more reliable way?
Just like www.filefactory.com or other similar download space website, they can track if you are free user and send download request, before starting next download you must wait x time, I was thinking it used session or cookies, but after clearing session and cookie or change IP address, it's still the same.

我是一个尝试创建网站的新手，像这样的示例网站一样，我必须在登录之前跟踪用户，我正在使用php和javascript设置会话和超时来保持用户状态(将文件写入dir或... 我一直在搜索很长一段时间，如果有人知道任何教程或只是一点线索如何像本网站一样，将不胜感激.

I'm a newbie trying to create a website, I have to track user before logged in like this example site, I'm using php and javascript set session and timeout to keep catch user status (to write file in dir or ... I've been searching a long time, if anyone knows any tutorial or just a little clue how to do it like this site it would be appreciated..

谢谢！

推荐答案

您不会跟踪未登录的用户，而是跟踪已登录的用户.因此默认情况下，每个人都可以获取链接，因为您必须等待xx秒.如果清除cookie并开始新的会话，则您仍然是默认用户.

You dont track who is not logged in, you track whois logged in. So by default everybody gets the link for you must wait xx amount of seconds. If you clear cookies and start a new session, you are still a default user.

现在，当有人登录时，您可以输入经过身份验证的会话.然后在页面上显示您检查的链接.现在，如果该登录用户清除了他的cookie，他将再次成为默认用户，直到他再次登录.

Now when somebody logs in, you can put in the session that he is authenticated. Then on the page to show the link you check that. Now if this logged in user would clear his cookies, he would become a default user again untill he logs in again.

//not actual php code
if (authenticated) {
  //show direct download link
} else {
  //show link after xx seconds
}

如果您不想使用会话来跟踪已登录的用户，则可以使用其他方法，但大多数情况下并不需要，甚至不太安全.另一种方法是使用authenticate header或将信息保留在查询字符串中.在我看来，这两种方法都不太安全，但可以使用.

If you dont want to use session to keep track of logged in users, there are other ways, but most often its not realy needed or even less secure. Another way could be to use the authenticate header or keep the information in the query string. Both are less secure in my opion, but could be used.

现在，如果目标是阻止免费用户下载两个文件并需要等待第二个链接，则还可以通过将用户信息组合到某种哈希中来进行有根据的猜测，以确定其是否为同一用户. EG用户代理，IP地址，位置.这不会是100％准确的，但可以让您了解一个无需会话即可返回的免费用户.

Now if the goal is to prevent free users from downloading two files and need to wait for the second link, you can also make an educated guess if its the same user by combining user information to some sort of hash. EG user-agent, ip-address, location. This will not be 100% accurate, but could give you some idea of a returning free user without sessions.

这篇关于跟踪未登录的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！