How can I identify a client on the server?

Suppose: 10,000 people use the services of an operator to provide communication in the local and Internet networks.

Every person on this network has:

external dynamic IP (can be the same for network users) and internal static IP.

For each person, an account on the server (the server is on the Internet) must be created automatically (login and password are generated by the server)

if you use different types of storages (local storage, cookies, flash storage, etc.) to store unique IDs that can be sent to the client from the server, then you can create as many accounts as you like (1000, 100000 or more) for the minimum amount of time.

Question: How to identify a person on the server, so that any device can be used (mobile, tablets, computers, nuotbuki)?

  • @Igor what?.?.? - Yuri Svetlov
  • And what, by ip, to identify is not destiny - Mike
  • @Mike Mike - no, it’s written that they have a dynamic type, which means that they have an external type, maybe the same. - Yuri Svetlov
  • @Mike will now edit the question. this is bad ..... if all 1000 robot people (bots) enter at the same time, then the system may think that an attack has taken place and block access for all. eh .... there is no way out? - Yuri Svetlov
  • For this, in fact, they use captcha and self-registration. And without registering, you are not identifying a person. He can also log into the server from a computer that is connected via the home Internet and simultaneously from a mobile phone connected via a mobile operator ... - Mike

2 answers 2

Against ordinary users is enough cookies.
Against those who want to cheat akk nothing will save.
Or static IP can not be changed in any way? But getting it from NAT difficult, even impossible.

Concentrate on catching akkov without activity, time limit for registration from one IP and other buns, which are quite a lot on the network.

  • This is an interesting option and it was supposed to use it in the architecture developed by me. It looks like this is the only way to identify. Eh ... - Yuri Svetlov
  • @YuriySvetlov, such is the fate :) - user207618

Google it

X-Client-IP

and especially this

X-Forwarded-For

I do not understand the question, but X-Forwarded-For once met me.

  • Few of the providers use proxies that put these fields. Usually providers use a masquerade which by definition does not change the data in the packets and does not add headers - Mike
  • Sorry then, probably only mine. - Tomash Tarasovich