You can use sessions, yes. Although when you want to make sure the user can be identified over multiple days you might have to consider another solution. Sessions basically consist of a dataset on your server combined with a cookie in the user’s browser. And they can delete those cookies, of course.
writen by Benedikt
Sessions + taking advantage of Local Storage
writen by Pere Ayats
I think Marc did using IP address and device/browser fingerprinting. Not 100% sure tho. 🤔
writen by Suvojit Manna
Thanks all guys. So sessions + IP address combination is good, right?
writen by Dobroslav Radosavljevič
Most unique is fingerprinting
writen by Benedikt
If you used IP I would suggest combining it with the user agent
writen by Benedikt
for 50 Hacks I identify voters with ip 1 ip = 1 vote/hack Also, I keep track in the localStorage of the votes so 1 non-techy can’t click the voting button multiple times
Does it go against the GDPR? Dobroslav Radosavljevič & I are wondering
writen by Marc Lou
It’s not against GDPR if you use it for security reasons (what you kind of do). In this case it’s (imho) kind of gray because you could also use it for tracking/identification if not anonymized. In any case you have to explain the usage on you data protection page.
writen by Benedikt
What about browser fingerprint? User Agent, etc.
writen by Dobroslav Radosavljevič
User agent (afaik) is ok, in combination with IP as well if used for security/technical reasons. Fingerprinting should need consent since this is very much a tracking approach. Although it might also be ok for security reasons.
writen by Benedikt
https://www.npmjs.com/package/@fingerprintjs/fingerprintjs Well I found this…If you just generate hash, send it to server, save to db and then identify browser with that hash when he visit website or do some action…That might be ok, or not?
writen by Dobroslav Radosavljevič
It might be. Although since the fingerprint hash would be the same for each browser this is basically even more private info than with IP addresses. And you could even track users with that hash across different apps. If the hash doesn’t include app information that is.
writen by Benedikt
That’s nice
writen by Dobroslav Radosavljevič
Thanks you for your insights Benedikt You helped me a lot!
writen by Dobroslav Radosavljevič