A partial archive of discourse.wicg.io as of Saturday February 24, 2024.

Browser.uuid property

Cristian_Lorenzetto
2017-03-01

searching in github code for having a browser id (a kind of finger) i find many javascript plugin making strange algorithm sincerelly useless for having a id granting to be unique. Consiering in cordova there is device.uuid and browser is more and more similar to a mobile device , could be usefull to have a id

jhpratt
2017-03-01

Why not just assign a UID to a user when they connect? This can easily be handled by the server.

Cristian_Lorenzetto
2017-03-01

as you know http connection is stateless so , server can assign a id for every connection. Not a unique id to a client indipedent if i was connected yesterday or today in the same client.

jhpratt
2017-03-01

Cookies and/or local storage? This is assuming that the end user has these enabled, but the vast majority of people do.

Cristian_Lorenzetto
2017-03-01

cookies can be override for session or removed. local storage or indexed db could be better but user can remove data so you lose the identity. Instead is you assign a unique id when the browser is installed conecting to browser server id provider (firefox/chrome/… id provider) you are sure id is unique and you can trace correcly or add logic based on this new information. In this way a server can auto detect a lot of features … and has correct behaviour…

jhpratt
2017-03-01

What is the use case of this such that it matters if the user has an ID reset? To me, at the point you may as well just register user accounts. If cookies or local storage are removed, that is the fault of the user, and they would deal with the consequences.

If you can share a use case for this where accounts would not suffice, it would be great.

Cristian_Lorenzetto
2017-03-01

id can not be reset. it is a readeable property. if you tell about register user … you add another thing … a authenticated session. There are also anonimous surfing.it dont solve the problem above

jhpratt
2017-03-01

I’m referring to the cookie or local storage option. Why would it matter if an ID is reset? I would think a user account would suffice whenever this would be an issue.

Edit: Since you edited your comment before I had a chance to finish mine, why not use anonymous accounts?

Cristian_Lorenzetto
2017-03-01

sorry but if i m telling to identify the browser instance … and add custom behaviour also for anonimous surfing … cookies and other caches can be removed by user. they can be used for identifcation for definition. in my house the logic is very simple. cache can be removed => data is lost => identity is lost => so it is proved it is useless for identification.

jhpratt
2017-03-01

Yeah, I still don’t see why anonymous accounts are not an option. I’ll back out of this until someone else has a chance to see this thread. Just to reiterate though, removing cookies is the fault of the user, and their experience would be reduced as a result of doing so. I see no reason why that isn’t acceptable.

On a side note, please stop editing your responses immediately after posting. I’m constructing a response, then you change the very thing I’m responding to.

Garbee
2017-03-01

You can build things to reject users changing data on the client-side. So the session is stored server-side and the cookie just holds an identifier to that session.

Anything can be removed at any point not only by the user but by the browser or their OS cleaning space. This is a known thing about web dev that developers need to take into account when engineering their applications.

Without a clear use-case where this provides benefit over existing setups nothing is likely to be worked on. Currently, tangible use-case has been provided that isn’t already doable with the abundance of existing technologies available for session/state management.

Cristian_Lorenzetto
2017-03-01

1 ) why server wont handle user error. 2) user could be obliged to clear cache because for example the browser uses too much space. It dont means he want remove his configuration.
3) because is a way not praticable in the programming world because there are many server or ufficial package overrideing cookies for internal logic for temporay logic. cookie is used for temporay logic not for persistent , resilient and constant logic. why network , and device has mac/serial id ? they could use a cookie removable? it is not the same? it is the same question.Absurd

Garbee
2017-03-01

I don’t understand this. Could you be clearer about what you expect to be handled in what way?

In the case of users with an account, you tie their settings to their account so when they log in again their settings are used. For anonymous users… Well, they’re anonymous for a reason. If they clear their cache (or their browser/OS has to) their config is gone, but they have their disk space. That’s the tradeoff.

Cookies are only editable by the domain. No external system should be overwriting your origin’s cookies. This is a part of the “Same Origin Policy” that browsers adhere to. If you include a package on your origin that is writing on top of your cookies, then you need to handle that conflict as the developer. It’s pretty easy, just rename the cookie name you use.

Because, what you’re asking for seems to be for browser to generate a unique identifier to a user at install-time that persists for that entire install. Which, opens an extreme privacy issue since there then would be a direct identifier to a given user that currently doesn’t exist. There are side effects to be thought about where such an identifier has the ability to be extremely mis-used. They outweigh any developer benefit from having one.

Cristian_Lorenzetto
2017-03-01
  1. if i have a logic saved in a server related to the browser instance. If a user remove it. You create a inconsistent state. Why handle it is stupid way when is possible to solve it in better way?
  2. you answer is meanless. you suppose to use a session and a account. Why do to introduce a new condition in the question for solving it? the problems are solved not changing the condition of the question else the problem is changed. this logically is absurd. If for the business logic ii can t register the user? if the surfing is anonimous? you answer is logically inconstent.
  3. yes but it is editable and removable by user. 4)there is no privacy problem else also mac or serial device id gives privacy problem.When you reinstall a browser id changed but it logically consistent. you reinstalled all and id identifies the browser not the user.
jhpratt
2017-03-01

Having read both comments, you need to consider what he has said. You completely disregard many of the points he makes, which is simply rude. You are bringing up the point of a user removing the data, yet Garbee already clearly stated why this is unavoidable. Also, he is not introducing a new condition, he is proposing a solution to your problem.

Cristian_Lorenzetto
2017-03-01

in mathematic there is a theorem assertion and a proof… the proof dont change the teorem assertion for proving it. It is the basic of the logic.

jhpratt
2017-03-01

He is proposing a solution. If you don’t like that, feel free to present a use case that has not already had multiple solutions proposed.

Sorry to be blunt, but you’re not listening.

Cristian_Lorenzetto
2017-03-01

yes you are proposing a solution but is not answering to the initial problem but it solves another one. cooke is removable so cant identify the browser . for this reason there is serial id.I dont invent anything :slight_smile:

jhpratt
2017-03-01

And that is simply not true. Cookies, local storage, and anonymous accounts all solve the problem at hand, and you have not shown how they don’t. Any data can be removed. There is no way around it, you have to plan for that. A unique ID for the browser can be erased just as readily as a browser cookie.

Solutions exist, you just don’t like them.

This is the last response I will have, as I have better things to do than reiterate what has already been stated multiple times.

Cristian_Lorenzetto
2017-03-01

why serial id is printed and not removable in a device? boh i seeams to speak with amartian ahaha :slight_smile: i m Morck and i living in Ork :slight_smile: Cookeis is removable ? yes! other words for me are useless. For definition it contradicts the ipothesis. to realise this feature requires 2 hours for developers because there is already a browser provider.