问题
I'm looking at creating an anonymous poll. However, I want to prevent users from voting twice. I was thinking of hashing some request.META values like so:
from hashlib import md5
request_id_keys = (
'HTTP_ACCEPT_CHARSET',
'HTTP_ACCEPT',
'HTTP_ACCEPT_ENCODING',
'HTTP_ACCEPT_LANGUAGE',
'HTTP_CONNECTION',
'HTTP_USER_AGENT',
'REMOTE_ADDR',
)
request_id = md5('|'.join([request.META.get(k, '') for k in requst_id_keys])).hexdigest()
My questions:
- Good idea? Bad idea? Why?
- Are some of these keys redundant or just overkill? Why?
- Are some of these easily changeable? For example, I'm considering removing
HTTP_USER_AGENTbecause I know that's just a simple config change. - Know of a better way of accomplishing this semi-unique identifier that is flexible enough to handle people sharing IP's (NAT) but that a simple config change won't create a new hash?
回答1:
All of this params are fairly easy to change. Why not just use a cookie for that purpose? I guess something like evercookie
evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.
来源:https://stackoverflow.com/questions/5086371/django-creating-a-unique-identifier-for-a-user-based-on-request-meta-values