用户信息通过HTTP头部承载:不能实现用户唯一性标识。

w

HTTP The Definitive Guide

Table 11-1 shows the seven HTTP request headers that most commonly carry information about the
user. We'll discuss the first three now; the last four headers are used for more advanced identification
techniques that we'll discuss later.

The From header contains the user's email address. Ideally, this would be a viable source of user
identification, because each user would have a different email address. However, few browsers send From headers, due to worries of unscrupulous servers collecting email addresses and using them for
junk mail distribution. In practice, From headers are sent by automated robots or spiders so that if
something goes astray, a webmaster has someplace to send angry email complaints.
The User-Agent header tells the server information about the browser the user is using, including the
name and version of the program, and often information about the operating system. This sometimes
is useful for customizing content to interoperate well with particular browsers and their attributes, but
that doesn't do much to help identify the particular user in any meaningful way. Here are two User-
Agent headers, one sent by Netscape Navigator and the other by Microsoft Internet Explorer:
Navigator 6.2

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-
US; rv:0.9.4) Gecko/20011128
Netscape6/6.2.1
Internet Explorer 6.01

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)
The Referer header provides the URL of the page the user is coming from. The Referer header alone
does not directly identify the user, but it does tell what page the user previously visited. You can use
this to better understand user browsing behavior and user interests. For example, if you arrive at a web
server coming from a baseball site, the server may infer you are a baseball fan.
The From, User-Agent, and Referer headers are insufficient for dependable identification purposes.
The remaining sections discuss more precise schemes to identify particular users.

HTTP Headers Client Identification的更多相关文章

  1. Technical analysis of client identification mechanisms

    http://www.chromium.org/Home/chromium-security/client-identification-mechanisms Chromium‎ > ‎Chro ...

  2. Client IP Address Client Identification

    HTTP The Definitive Guide Early web pioneers tried using the IP address of the client as a form of i ...

  3. The Personal Touch Client Identification 个性化接触 客户识别

    w服务器要知道和谁在交谈. HTTP The Definitive Guide Web servers may talk to thousands of different clients simul ...

  4. Cookies and Caching Client Identification

    w HTTP The Definitive Guide 11.6.9 Cookies and Caching You have to be careful when caching documents ...

  5. Cookies and Session Tracking Client Identification cookie与会话跟踪 客户端识别

    w HTTP The Definitive Guide Cookies can be used to track users as they make multiple transactions to ...

  6. Cookies Client Identification

    HTTP The Definitive Guide Cookies are the best current way to identify users and allow persistent se ...

  7. Fat URLs Client Identification

    w在每个URL后面都附加一个用户特有的标识码. HTTP The Definitive Guide Some web sites keep track of user identity by gene ...

  8. Cookies, Security, and Privacy Client Identification

    w HTTP The Definitive Guide Cookies themselves are not believed to be a tremendous security risk, be ...

  9. combined with the Referer header, to potentially build an exhaustive data set of user profiles and browsing habits Client Identification

    w https://www.zhihu.com/question/35307626 w 0-客户端(附加用户信息)首次请求服务端--->服务端生成session(有唯一性).session_id ...

随机推荐

  1. python 获取当前时间的用法

    1.先导入库:import datetime 2.获取当前日期和时间:now_time = datetime.datetime.now() 3.格式化成我们想要的日期:strftime() 比如:“2 ...

  2. vue中config/index.js:配置的详细理解

    当我们需要和后台分离部署的时候,必须配置config/index.js: 用vue-cli 自动构建的目录里面  (环境变量及其基本变量的配置) var path = require('path') ...

  3. 使用libjpeg 压缩yuv420到jpg (内存方式)

    #include <Windows.h> #include <stdio.h> extern "C" { #include <jpeglib.h> ...

  4. ibatis时间比较大小

     <![CDATA[          A.RFID_Time >= #StartTime#          ]]>时间搜索功能 A.RFID_Time <![CDATA[  ...

  5. 一款基于jquery的喜欢动画按钮

    今天给大家带来一款基于jquery的喜欢动画按钮.这个实例中给了三种动画特效.效果图如下: 在线预览   源码下载 实现的代码. html代码: <p class='heading'> C ...

  6. 一份不错的php面试题(附答案)(笔试题)

    一.基础题1. 写出如下程序的输出结果 <?php $str1 = null; $str2 = false; echo $str1==$str2 ? '相等' : '不相等'; $str3 = ...

  7. CEF Xilium.CefGlue 在当前窗体中打开全部链接(防止弹窗)

    我们在使用Xilium.CefGlue编写浏览器应用程序时.对于嵌入的网页假设有链接会在新窗体打开.这种用户体验会非常差.因此我们须要改动程序,使全部链接都在当前窗体中打开. 首先引用Xilium.C ...

  8. 绑定内网和安全redis和mongo以及MQ

    redis允许局域网访问其实很简单.网上一堆都不怎么靠谱. 特此记录一下. 可参考此篇 假设A B 两台机器 在B(ip:192.168.1.99)机器上修改redis配置文件 bind 192.16 ...

  9. HTML5关于上传API的一些使用(上)

    HTML5提供了很多有用的API,其中就包括上传的API,XMLHttpRequest2.0,在HTML5时代之前,需要进行二进制的上传一般都会才用flash的方案,但是当XMLHttpRequest ...

  10. Nginx服务器防止被压力测试

    最近经常用人帮忙做压力测试,用webbech或者ab等一些工具模拟并发压服务器,若服务器没有限制连接数或带宽,服务器很容易被压跨.cat nginx.conf…http {…limit_conn_zo ...