How do you create the hash? If it's based on something that you can derive from ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

Macha on Dec 17, 2020 | parent | context | favorite | on: No Cookie for You

How do you create the hash? If it's based on something that you can derive from the user (let's say sha1(IP address + User Agent), that seems pretty clearly identifying. If you generate a random identifier but save that identifier in their cookies and send it back next time, also pretty clearly identifying.

merb on Dec 17, 2020 [–]

> How do you create the hash? If it's based on something that you can derive from the user (let's say sha1(IP address + User Agent), that seems pretty clearly identifying.

of course that is forbidden. and that's exactly why it is really hard to tell if companies honor it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact