The best advice for your scenario?
The various methods of identifying users and their computers for the purpose of tracking to display ads targeted to their interest and identify subscribers for DRM control
are diverse:
Using Cookies created by JavaScript and other scripting
languages like ASP and PHP are the most commonly used methods used by
web sites to store a user's membership details and preferences.. These
cookies can be created using either programming language and read by
either programming language. Such cookies are stored by the user's web
browser and easily updated on load of a web page. Theoretically, these
cookies can only be read and updated for the web site being visited and
can be available for the user's next visit to the web site, or they can
be expired by date or on exit of the site depending on the situation.
Cookies using Session ID
do not need to be created because Session ID is the standard method of
user identification by a web server. Every time a new user visits a web
site, the web server assigns a unique number as their Session ID to
manage and differentiate between current users. Session IDs can be read
by most programming languages for tracking purposes by a web site and
are most useful for storing member login details, but only for that
session. Session ID cannot store information for later visits as the
life of a Session ID is limited to an active session, ie: a Session ID
commences when requesting the first web page and ends when either
leaving the web site or when the session expires. Using Session ID is
most useful for catering for user's suffering from cookie-phobia.
Using IP Address
to identify users and control access rights to web pages can be secure
and most useful, but only if the user's IP address is known and only if
their Internet connection always uses the same IP address. Computers
connected to in-house networks can be assigned a fixed IP address and
ISPs can assign a fixed IP address to permanent Internet connections.
Otherwise most Internet connections are dynamically assigned (random) as
they connect. An IP address assigned to a computer within a network can
be assumed to be for that one computer user, but IP addresses assigned
to an Internet service can apply to a whole network of different
computers.
IP address ranges can be used to limit access by country, but even if
supported by geolocation lookups via reverse DNS, such limitation can be
unreliable because some ISPs sell off part of their network range
assignment to other ISPs who can be in a different country.
IP addresses cannot be spoofed but they can be masked by using a VPN,
proxy service or TOR network. Such usage is for anonymity and not really
a threat to your website security because the IP address being used will
not be one that your web site allows, and consequently cannot gain
access.
A media access control (MAC) address is a
hardware identification number that uniquely identifies each device on a
network. The MAC address is assigned by the manufacturer and burned into
each network card, such as an Ethernet card or Wi-Fi card, and cannot be
changed. But while it can be useful for validating a user's computer
access it is not the most reliable constant because the same computer
can use different Internet connections even in the same session. For
example if a user is using a WiFi connection and it drops out or is
disconnected and that user also has a cable connection via LAN, their
MAC address will change. To properly manage rights access using MAC
address, the web site will need to record all instances before allowing
access which can be a inconvenience to the user. For example "please
login while using your WiFi connection and then switch to your LAN for
your computer to be registered for our network" and most users will ask
"what is a LAN?"
Registry Keys can be used for user identification if the
web browser can read a user's registry but they cannot due to computer
security, at least not without assistance provided by a browser plugin
(DLL) that can interact at system level. However that is not possible
with today's popular web browsers who dropped support for NPAPI plugins
in late 2015 in preference to simple plugins (add-ons) based on HTML and
JavaScript suited to the limitations of mobile phones. But registry keys
can be read if the visitor uses a web browser like the
ArtisBrowser which is specially designed
for copy protection and does support real
browser plugins.
Token Files are usually encrypted files stored on a
user's computer in a location known to the software being used which in
this case is the user's web browser. Unfortunately most web browsers
will not be able to locate or be able to access a file that is not
already a part of that web browser. Consequently web site's cannot read
such files unless the visitor uses a web browser like the
ArtisBrowser which is specially designed
for copy protection and does support real
browser plugins.
A unique Computer ID can be assigned by reading the
serial number of computer hardware. But this is only possible on Windows
and Mac operating systems (OS) and cannot be used on other OS such as
those used on Linux computers, amusement devices or mobile phones. However
serial numbers can be duplicated across different devices and
manufacturers.
The ArtisBrowser which is specially
designed for copy protection, uses an
algorithm based on the hard drive serial number and other factors to
create a most unique Computer ID to properly manage access rights to DRM
protected media and web pages. Such identification can enable a website
to validate more than one computer per user account and is the most
secure constant for user identification.