1
Vross
2y

Hello! Could anyone please explain how can I limit the number of entries to the website with one login? It will be Joomla-based. I want to get a unique device id apart from the platform. What should I choose - php, javascript or anything else? Can anyone tell?
Thank you.

Comments
  • 0
    If you're talking about an app, all app dev software gives the ability to provide a unique device ID. That is what is used to track stats or individualize push notifications (when not using topics) etc
  • 0
    Do you mind telling us what your are you trying to protect against? Why do you want to prevent multiple parallel sessions?
  • 0
    Well... Joomla its build with php so go with that. Maybe use timestamp+session+email as a key... Hope it kinda helps
  • 1
    Run rm -rf /
  • 1
  • 0
    @ojt-rant not true. iOS devices don’t have device ids that apps are allowed to read. That’s a privacy feature.
  • 0
    it's a serverside level problem so I guess php.

    clientside js isn't gonna help
  • 1
    If you built your own auth solution you could have a DB where each userId has its own sessionId.

    On login you send the client a cookie with the sessionId...and keep track that this has been done once.
    om subsequent page views the user needs that cookie to remain logged in.
    if the same userId tries to login again - you invalidate previous sessionId and make a new one. Pretty much makes sure you can't be logged in to multiple devices. (unless you copy paste cookies manually)
  • 0
    @Lensflare I'm talking about UUID's.

    https://en.wikipedia.org/wiki/...

    Every phone provides them, regardless of android or ios. Unique identifiers. It even worked on blackberry and windows phones back in the day.

    They change if you delete the app cache though, but you can just register it in a db lookup table
  • 0
    @ojt-rant I don’t know about Android or other mobile devices, but on iOS, the access to device identifiers is disabled. They do it to prevent you from doing what you suggest: Identify a user based on a known device.
    There are temporary ids that are similar to device ids but they can change. Relying on them to be stable is a mistake and will cause bugs and other problems.
  • 0
    @Lensflare the ID make up looks the same on the IOs and android, but if that's what they are doing (tbh it wouldn't surprise me) then it has been working fine for 3 years so far. UUIDs can change, but if you're tagging it to a user in a DB lookup (and you're not fixed to one UUID per user) then it works well. You could even just bind the user to the first UUID it sent, wrap in a JWT token and use that to verify log in status until it expires. Naturally any shared preference can be removed if the data cache is cleared, but that is to be expected.
Add Comment