I'm working on an analytics tool. I would like to be able to reasonably identify unique users (or more likely, unique machines) -- some degree of inaccuracy is okay. I need to support both low-level devices (Android/iOS) and web (JS/Flash), because I'm building the clients in Haxe. (The other caveat of this is that I can't use language-specific APIs.)
Previously, I used the tuple of (ip, mac address) to uniquely identify users. However, in Flash (and Javascript), you don't have access to the mac address. It occurred to me that I should store and manage identity on the server side, perhaps with a GUID. The client would request a GUID (or some sort of ID) from the server, and use that for any subsequent requests from the same device.
However, I'm not sure if a GUID is a good idea; or if I should supplement it with the IP or other information. (I do have access to get the IP from the client side.)
The workflow on the client would be:
- Check for a stored unique identifier
- If it exists, send it with all requests
- If it doesn't, make a call to request a unique identifier and store it
- Send the unique identifier with all subsequent calls
Of course, this would only be unique per device, and there may be some way to get a false positive of two users by removing the identifier on the local device.
On the server side, it would be as simple as generating a new GUID and sending it to the user when they request a unique identifier.
Is this a good approach? Is there a better approach?
