Geolocation Keeping the Browser Session Persistent - php

I am working on a geolocation project that is browser-based and geared specifically towards mobile browsers. I won't go deep into details but overall the project uses geolocation across many pages and pieces of the project. The problem as it seems is that despite hitting "accept" and "allow" always on any given browser, when the user reloads a page they are prompted almost everytime to reallow the location authentication.
Which to me is weird, I've gone to sites with geolocation on it that it truly remembers that I allowed it, even if for the duration of me being on the site and not always. So with that I am wondering is there some type of special thing I need to do to store this authentication for a prolonged period on my project?
Currently I am using javascript-based geolocation through the google maps API and newer browser support for non ip based location. My project at the users discretion tracks where they are so other people connected to them can see where they are, where they have been, or where they plan to go (if they enter that in). There's more as well, but that's the basics. From a UX perspective, it's annoying to have to prompt my users every time the browser reloads to reauth the location.
So any advice anyone is able to give, or insight on how to handle this would be appreciated.

Cookies and sessions.
Right after detecting the user geo-location you should store it in a Cookie.
Every request from the server should look if there is a cookie set (with the user's location) and act upon it.
Over-simplified code:
// get user location (via javascript)
navigator.geolocation.getCurrentPosition(function(position)
{
initialLocation = new google.maps.LatLng(position.coords.latitude,position.coords.longitude);
}
// ajax the server with the user location
$.post('ajax/set_user_location.php', initialLocation);
Then on the server you grab the initialLocation and save it in a cookie.

Related

How can you save and share the data WITHOUT logging in

I was looking at jsfiddle and shrib.com and the concept of saving and sharing your notes/code without logging in or making an account fascinated me a lot. I noticed they make a different URL for every new entry. So do they save the entry associated with the corresponding code in the database and send cookies to remember the computer or something(using php)? I obviously looked at the source code but obviously the website wouldn't be just HTML. I just wish to understand the concept that works behind. I'm uncertain what should I Google so I came here. My friend thinks there would be no cookies involved.
Thank you for your feedback in advance.
They generate a unique ID which is embedded in the URL that you share; this is associated with the data in some back end storage so that it can be displayed when someone visits the URL.
Because of the requirement to share between users you can't use local storage or cookies, as this would only allow the original user to see the content, not share it.
They probably do use a database of somesort to keep track of the URL's and its content. i doubt it has much to do with anything and that as soon as you visit the url the request is checked and the corresponing page is show to the user.
Also. they probably keep track of the last time visit/active and destroy the input after a certain time period altho im not sure about this
Drawback of using cookies
Limited with low amount of data nearly 4kb It will include your every
HTTP request Will send same data again and again – it’s enough to
slow down your web application Unencrypted data over the internet
(unless your entire web application is served over SSL)
You can use HTML5 Local storage for save data
if(typeof(Storage) !== "undefined") {
// Code for localStorage/sessionStorage.
localStorage.setItem("lastname", "Smith");
} else {
// Sorry! No Web Storage support..
}
For More detail about HTML5 local storage you can refer Here

Check if first time viewing page

At the moment, I'm working on a website that could use some extra user usability, so I want to launch a couple of modal windows to aid users on their first time visiting of a couple pages.
I want to check if it is a users time time viewing a specific page. I've read about how you can run into problems when using cookies to do this. They can be deleted, the user can use a different PC or device, etc.
Also, I want to check for multiple pages if it's their first time viewing, not only directly after login.
I'm guessing a good idea for this would be to make a separate table with the pages in it that I need and setting a boolean for it if it is viewed or not.
Would this be the best way going about doing this?
There isn't a highly reliable way of doing that:
You can use cookies, but as you said, they are not reliable, a user can change PC, delete cookies, change browser, etc.
You can try using an IP address, but that's also not reliable. If a user switches address (which can today happen as you walk down the street with your mobile phone) he'll see the page over and over again. Moreover, if some other user happens to stumble upon the IP address the first user used, he won't see your tour/tutorial.
What I can suggest you is that you use cookies to detect if the user is new, but don't automatically throw the help modules on him, but prompt him using an non-obstructive toolbar at the top or bottom (never a popup window or lightbox).
That way, you get most of the users (because many people use the same browser and computer and rarely delete all their cookies), and even if a user has deleted his cookies/he still won't be disturbed that much.
There is no reliable approach if user is not registered and logged in with her/his username & password.
As mentioned before, there is no reliable way of detecting users ( and detecting if the user visits the site the first time), I also recomend Madara Uchiha's aproach, also you colud use html5 local storage in addition to cookies, both are not 100% reliable
u can however try user recognition without relying on cookies or html5 storage, but this is extremly complicated, u dont want to do this.
Just to satisfy your curiosity about how to do this, check this epic answer on a related question:
User recognition without cookies or local storage
I think, as I believe, there is no way with no solution. I think, a possible way consists of some parameters which first to be said and and finally by considering those, we can be able to talk about possibilities and impossibilities.
My parameters are in the below;
talk about features of a webpage as "User Detection" and detail them
think about reactions (I mean being fast to click on any elements of a page or not) on a webpage
inspect elements
URL injection
other reactions like click on some parts as spots placed on the page
stay on that page up to a time defined for being and checking authorizing
and so some solutions like the ones above.

Is there any computer specific information besides the IP address for tracking?

I am developing a program to that only allows the same computer to view a specific page once, and after that I am blocking access to that page.
My question is, the IP address works ok but some users have a new IP every time they visit the site. I have come across other sites in the past that use some other means of tracking users, as even with a different IP on the same computer I can't view restricted content.
Anyone have any thoughts?
What are the other option(s) to the IP Address?
The best you can do is tie up the functionality to a user account. That way, you have control over what the user sees.
Tying up to a machine isn't reliable.
IPs change frequently or can be spoofed. What if the user used proxies?
UAs can also be spoofed
Cookies can be disabled or deleted
LocalStorage can also be deleted and is not widely supported
Basically, a user has all the freedom to be free from your restrictions unless they opt to sign up with your service. That's what you call privacy as well.
And did you ever think when users share PCs? What if your dad got blocked on your laptop? You can't view it on your laptop anymore.
There isn't one method that you can use to be unique to any one computer.
You can set a cookie on that browser, but the user could use another browser or just delete the cookie.
There are 3rd party services that run a flash module to get computer specific data to create a guid that you can use, but that's more expensive and also requires the user to load your flash module, which means it wouldn't work on some mobile browsers.
If the page is not public and sent to the user (ie by email), you can generate the URL with an ID, and them invalidate the ID once that the page is visited.
This is the usual approach used by email validation pages.

remote user name

Is it possible to get remote username when I get a referral link without involving any server side code from the referral link?
Do you mean like if I clicked a link to your site on Stack Overflow, you would want to be able to see that my username is "Agent Conundrum"? No, you can't do that without the help of the referring site. The only information you should be able to get is the (permanently misspelled) HTTP_REFERER in the $_SERVER superglobal array, which tells you the page the user came from. Even then, there are ways to block or change this so you shouldn't count on it being set (especially since it wouldn't be set if the user navigated directly to your page via the address bar).
Frankly, I wouldn't want to use a site that leaked personal information (and for some sites, even the username qualifies as personal information), and I wouldn't want to use a site that tries to harvest such leaked information without my knowledge.
Generally, any site where you have a legitimate reason to broadcast this information would have some sort of API built in, like FacebookConnect. Even then, it should be strictly opt-in for the user.
As a general thing: no. The HTTP protocol does not involve the transmission of a remote user name.
Hey, it could help to answer if you would be a little more specific on which kind of service are you trying to fetch the data from.
Large/Public services tend to have somekind of an accessible API that you can fork on your referrer, but other than that its mostly that you need to regexp the site and know the structure of the HTML pretty much.

how phpmyvisitors works?

i have installed "phpmyvisitors" cms to get statistics of my sites visits.
it is written in php and is open source.
i gets many useful information like:
-total visits
-viewed pages
-visitor browser informations
-visitor distribution over the world
-how visitors access to site
-how much time they spend on sites
and ....
it is some think like Google Analytics.but fewer features.
my question is:
" how does it do all of them? "
I assume you mean phpMyVisites?
At a quick glance, it works very similarly to Google Analytics: A JavaScript snippet is embedded that sends a request to the server phpMyVisites runs on. That request contains all information JavaScript can get out of the client: Language, Screen resolution, browser version, OS....
On server side, I assume all that information is collected into a database, and a session cookie is set so different visitors can be told apart.
For users without JavaScript, an image tag will be included to at least get some basic information (IP and browser type can be found out on server side without JavaScript) and count the hit:
<noscript>
<p>phpMyVisites : better than Google analytics!
<img src="http://www.phpmyvisites.us/phpmv2/phpmyvisites.php"
alt="phpMyVisites" style="border:0" />
</p>
</noscript>
To recognize the country of a visitor, it is possible that a web service is contacted that tries to determine the country based on the visitor's IP address.
Everything else is "just" database analysis really - analyzing, calculating and presenting the data requested. If you want to know how a specific aspect of that works, I suggest you ask a new question detailing the aspect you want to know more about.

Categories