Posts: 114
Threads: 32
Joined: Dec 2019
Reputation:
1
Location: Россия
Find out the ID of the device on which the client is running?
Situation :
When the client is working with the application, he left the program for a short time and must re-enter the username and password when re-logging in.
The idea:
To remember the ID of the device on which the client is working and, if the device ID has not changed when re-logging in, restore authorization without a LOGIN-PASSWORD request
Question: How do I find out the ID of the device on which the client is running?
Posts: 114
Threads: 32
Joined: Dec 2019
Reputation:
1
Location: Россия
Maybe somehow you can find out the browser ID that the client uses? Or some other unique identifier .....
Posts: 2,267
Threads: 199
Joined: Mar 2018
Reputation:
86
Location: Auckland, New Zealand
04-26-2023, 08:49 PM
(This post was last modified: 04-26-2023, 08:53 PM by Alexandre Machado.)
You mean only mobile devices or any device?
Browsers have very limited access to any hardware related stuff for security reasons. You can save data on the browser's local storage area, and read it back when the application starts, bypassing the login, but this also imposes a security risk (in case someone use that data stored and impersonate the user).
Browser fingerprinting also can be used to identify a user, but it is far from perfect too. For instance, cloned machines (common in corporate environments) can have the same fingerprint.
If you decide to go through this route, I suggest you use multiple techniques to avoid impersonation, but even then it will not be 100% safe. I would never use that in an application exposed to the internet.
Another idea is to use the new oAuth 2.0 feature that we have just implemented. Very easy to skip the login if the user is already connected to their google or microsoft account.
Posts: 114
Threads: 32
Joined: Dec 2019
Reputation:
1
Location: Россия
04-27-2023, 03:21 AM
(This post was last modified: 04-27-2023, 03:22 AM by Сергей Александрович.)
I proceed from the assumption that when a client has registered in the system, he is alone at the computer or in his hands a mobile device. If the client leaves the personal account by selecting the exit option in the corresponding menu, then in this case the next login to the personal account must be with a login and password request. And if the client leaves the personal account by clicking on some link or as a result of an error or carelessness closing the browser, then in this case I would like to let him into the account without additional login-password requests.
I was interested in the option of saving data in the browser's local storage. Write in more detail how to do this.
Posts: 114
Threads: 32
Joined: Dec 2019
Reputation:
1
Location: Россия
Yes, it fits. Unfortunately, I have never worked with cookies. Could you send an example of how to do this?
Posts: 2,267
Threads: 199
Joined: Mar 2018
Reputation:
86
Location: Auckland, New Zealand
I'll create an example for you showing how to store information in browser's local storage and retrieve it in order to avoid a new login.
Please give me a couple of hours and I'll publish it in our github demo repository
Posts: 114
Threads: 32
Joined: Dec 2019
Reputation:
1
Location: Россия
The problem is solved. If someone is interested in the solution method, then I give it below.
Previously, in the body of the program, after the successful registration of the client, we provide to write the corresponding information to the components with the names lbUserLogin and lbUserPassw.
In the program after successful client registration in ScriptEvents writing:
// Saving data in localStorage
var UserLogin = document.getElementById("LBUSERLOGIN").textContent;
var UserPassw = document.getElementById("LBUSERPASSW").textContent;
localStorage.setItem('UserLogin',UserLogin);
localStorage.setItem('UserPassw',UserPassw);
//Before requesting registration data (Login-Password) from the client, we will check whether these data are available in LovalStorage
in ScriptEvents writing:
var UserLogin = localStorage.getItem('UserLogin');
var UserPassw = localStorage.getItem('UserPassw');
document.getElementById("EDAUTOLOGIN").value = UserLogin;
document.getElementById("EDAUTOPASSW").value = UserPassw;
Next, in the body of the program, we analyze the information in the edAutologin and edAutopassw components and use it to register a client in the system without asking a question to enter registration data.
To reset information in localStorage :
On the "Exit" button in ScriptEvents writing:
// Clear Data in LocalStorage
localStorage.setItem('UserLogin','');
localStorage.setItem('UserPassw','');
Good luck in mastering JavaScript