Skip to content
This repository

evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

branch: master
2 comments

Merge pull request #51 from m8rge/patch-1

prevent forever set loop
latest commit af34cf7dbc
Samy Kamkar authored
Octocat-spinner-32 evercookie_sl version 0.4 with silverlight, window.name and standard cache support
Octocat-spinner-32 .gitignore Exclude IDEA project files
Octocat-spinner-32 ChangeLog Fix tabs
Octocat-spinner-32 EvercookieCacheServlet.java Avoid a NullPointerException if no cookies are received
Octocat-spinner-32 EvercookieEtagServlet.java Avoid a NullPointerException if no cookies are received
Octocat-spinner-32 EvercookiePngServlet.java Remove duplicate code.
Octocat-spinner-32 README.md add node.js backend server implementation to readme
Octocat-spinner-32 evercookie.fla release 0.2 (first git commit)
Octocat-spinner-32 evercookie.jar Add Java applet and JNLP descriptor
Octocat-spinner-32 evercookie.jnlp Add Java applet and JNLP descriptor
Octocat-spinner-32 evercookie.js prevent forever set loop
Octocat-spinner-32 evercookie.swf release 0.2 (first git commit)
Octocat-spinner-32 evercookie.xap version 0.4 with silverlight, window.name and standard cache support
Octocat-spinner-32 evercookie_cache.php version 0.4 with silverlight, window.name and standard cache support
Octocat-spinner-32 evercookie_etag.php Add source for apache_request_headers function
Octocat-spinner-32 evercookie_png.php version 0.4 with silverlight, window.name and standard cache support
Octocat-spinner-32 index.html index.html should not be index.php just because we need to generate a…
Octocat-spinner-32 master.css index.html should not be index.php just because we need to generate a…
Octocat-spinner-32 swfobject-2.2.min.js release 0.3 with etag + userdata support
README.md

Evercookie

Evercookie is a Javascript API that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

This is accomplished by storing the cookie data as many browser storage mechanisms as possible. If cookie data is removed from any of the storage mechanisms, evercookie aggressively re-creates it in each mechanism as long as one is still intact.

If the LSO mechanism is available, Evercookie may even propagate cookies between different browsers on the same client machine!

Browser Storage Mechanisms

Client browsers must support as many of the following storage mechanisms as possible in order for Evercookie to be effective.

To be implemented someday (perhaps by you?):

The Java persistence mechanisms are developed and maintained by Gabriel Bauman over here.

Backend Server

Some of the storage mechanisms require backend server. This package comes with PHP implementation of etag, cache and png. For Node.js version, please visit node-evercookie. If you port backend server to other languages, please open a pull request!

Caveats

Be warned! Evercookie can potentially cause problems for you or your users.

  • Some storage mechanisms involve loading Silverlight or Flash in the client browser. On some machines this can be a very slow process with lots of disk thrashing. On older mobile devices this can render your site unusable.

  • CSS History Knocking can cause a large number of HTTP requests when a cookie is first being set.

  • In some circles, it is considered rude to use Evercookie. Consider your reputation and your audience when using Evercookie in production.

  • Browser vendors are doing their best to plug many of the holes exploited by Evercookie. This is a good thing for the Internet, but it means what works today may not work so well tomorrow.

You are responsible for your own decision to use Evercookie. Choose wisely.

Got an idea?

Open a pull request!

Something went wrong with that request. Please try again.