evercookie is a javascript API that produces extremely persistent, respawning cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (LSOs), HTML5 storage, SilverLight storage, and others.
JavaScript HTML C# CSS Java PHP
Latest commit 992b8a5 Jun 13, 2016 @samyk committed on GitHub http -> https links
Failed to load latest commit information.
assets Fix for Cross-Site Scripting issue Feb 3, 2015
css moved Jun 29, 2014
js Fix crossOrigin Error in chrome Dec 10, 2015
php Added hsts cookie support Oct 25, 2015
.gitignore Exclude IDEA project files Sep 28, 2013
ChangeLog Fix tabs Jul 12, 2013
README.md http -> https links Jun 14, 2016
index.html added analystic tracking back in Jun 29, 2014

README.md

Evercookie

Evercookie is a Javascript API that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

This is accomplished by storing the cookie data as many browser storage mechanisms as possible. If cookie data is removed from any of the storage mechanisms, evercookie aggressively re-creates it in each mechanism as long as one is still intact.

If the Flash LSO, Silverlight or Java mechanism is available, Evercookie can even propagate cookies between different browsers on the same client machine!

By Samy Kamkar, with awesome contributions from others

Browser Storage Mechanisms

Client browsers must support as many of the following storage mechanisms as possible in order for Evercookie to be effective.

To be implemented someday (perhaps by you?):

  • Google Gears
  • Using Java to produce a unique key based off of NIC info
  • Caching in HTTP Authentication
  • Other methods? Please comment!

The Java persistence mechanisms are developed and maintained by Gabriel Bauman over here.

Backend Server

Some of the storage mechanisms require a backend server. This package comes with PHP implementation of the etag, cache and png backend servers.

Caveats

Be warned! Evercookie can potentially cause problems for you or your users.

  • Some storage mechanisms involve loading Silverlight or Flash in the client browser. On some machines this can be a very slow process with lots of disk thrashing. On older mobile devices this can render your site unusable.

  • CSS History Knocking can cause a large number of HTTP requests when a cookie is first being set.

  • In some circles, it is considered rude to use Evercookie. Consider your reputation and your audience when using Evercookie in production.

  • Browser vendors are doing their best to plug many of the holes exploited by Evercookie. This is a good thing for the Internet, but it means what works today may not work so well tomorrow.

You are responsible for your own decision to use Evercookie. Choose wisely.

Got an idea?

Open a pull request!