因为我想解决方案工作在所有机器和所有浏览器(在合理的范围内)，我试图使用javascript创建一个解决方案。

这难道不是一个不使用javascript的好理由吗?

正如其他人所说，饼干可能是你最好的选择，但要知道它的局限性。

通过HTTP连接只能获得少量信息。

IP - But as others have said, this is not fixed for many, if not most Internet users due to their ISP's dynamic allocation policies. Useragent String - Nearly all browsers send what kind of browser they are with every request. However, this can be set by the user in many browsers today. Collection of request fields - There are other fields sent with each request, such as supported encodings, etc. These, if used in the aggregate can help to ID a user's machine, but again are browser dependent and can be changed. Cookies - Setting a cookie is another way to identify a machine, or more specifically a browser on a machine, but as others have said, these can be deleted, or turned off by the users, and are only applicable on a browser, not a machine.

So, the correct response is that you cannot achieve what you would live via the HTTP over IP protocols alone. However, using a combination of cookies, as well as IP, and the fields in the HTTP request, you have a good chance at guessing, sort of, what machine it is. Users tend to use only one browser, and often from one machine, so this may be fairly relieable, but this will vary depending on the audience...techies are more likely to mess with this stuff, and use more machines/browsers. Additionally, this could even be coupled with some attempt to geo-locate the IP, and use that data as well. But in any case, there is no solution that will be correct all of the time.

一种可能是使用flash cookie:

无处不在的可用性(95%的访问者可能会使用flash) 每个cookie可以存储更多数据(最多100 KB) 跨浏览器共享，因此更有可能唯一标识一台机器 清除浏览器cookie不会删除flash cookie。

你需要构建一个小的(隐藏的)flash电影来读写它们。

无论你选择哪种方式，确保你的用户选择被跟踪，否则你就侵犯了他们的隐私，成为坏人之一。

我猜结论是我不能通过编程唯一地识别一台正在访问我的网站的计算机。

I have the following question. When i use a machine which has never visited my online banking web site i get asked for additional authentification. then, if i go back a second time to the online banking site i dont get asked the additional authentification. reading the answers to my question i decided it must be a cookie involved. therefore, i deleted all cookies in IE and relogged onto my online banking site fully expecting to be asked the authentification questions again. to my surprise i was not asked. doesnt this lead one to believe the bank is doing some kind of pc tagging which doesnt involve cookies?

此外，今天在谷歌搜索了很多之后，我发现了以下公司，他们声称出售一种解决方案，可以唯一地识别访问网站的机器。http://www.the41.com/products.asp。

我很感激所有好的信息，如果你能进一步澄清这些相互矛盾的信息，我将非常感激。

有一种流行的方法叫做“画布指纹”，在这篇科学文章《网络永不遗忘》中有描述: 野外的持久跟踪机制。一旦你开始寻找它，你会惊讶于它被使用的频率。该方法创建一个唯一的指纹，该指纹对于每个浏览器/硬件组合都是一致的。

本文还介绍了其他持久跟踪方法，如evercookie、respawning http和Flash cookie以及cookie同步。

更多关于画布指纹的信息:

完美像素:HTML5中的指纹画布 https://en.wikipedia.org/wiki/Canvas_fingerprinting

The suggestions to use cookies aside, the only comprehensive set of identifying attributes available to interrogate are contained in the HTTP request header. So it is possible to use some subset of these to create a pseudo-unique identifier for a user agent (i.e., browser). Further, most of this information is possibly already being logged in the so-called "access log" of your web server software by default and, if not, can be easily configured to do so. Then, a utlity could be developed that simply scans the content of this log, creating fingerprints of each request comprised of, say, the IP address and User Agent string, etc. The more data available, even including the contents of specific cookies, adds to the quality of the uniqueness of this fingerprint. Though, as many others have stated already, the HTTP protocol doesn't make this 100% foolproof - at best it can only be a fairly good indicator.