Some web sites "know who you are."

[george]

Some web sites I visit for the first time display my name, city and state. I suspect these apps are accessing a cookie on my pc, but maybe not. How can I make my web app get a users name, city and state? The way I understand cookies, is that cookie information can only be retrieved by the domain that dropped the cookie in the first place. Is this now old school?

[birbal]

Some web sites I visit for the first time display my name, city and state. I suspect these apps are accessing a cookie on my pc, but maybe not. How can I make my web app get a users name, city and state? The way I understand cookies, is that cookie information can only be retrieved by the domain that dropped the cookie in the first place. Is this now old school?

as i know it is only possible with cookies. may be some other technique is available to experts :)you can store the name of user when they login and their location (some pecl can get location by ip). then check for cookie at your page where yoe are intending to show up the data. if cookie exist show up the data as last login else you can throw a cookie as a guest name and location

[boen_robot]

The city, state and the name of your ISP can be gathered from your IP, except in cases the ISP has decided for one reason or another to write your details instead.Here's one site that looks up this informations and shows it to you. If you can see your name there as opposed to your ISP's name, then you've found the way.If not, then... it depends... which sites you are talking about? They get your username from which site? Are you logged into that site while visiting the site that fetches your username? Are you sure you haven't told that other site your username yourself?

[Fmdpa]

They can determine your location with the ip address, as boen_robot illustrated. Some of what you see is done through cookies. I think you were thinking of cookies as packets of information (location, etc) stored in your browser with your information. No. Cookies must be set by a site, then that site can read the information that they set. Third-party cookies are set by content that is embedded in a web page from an external site, such as ads. They can track you across any websites that have their ads embedded on their page.

[Synook]

Some sites (e.g. like this one) also ask users for information, so that they may indentify you with it later. However, a browser does not automatically transmit personal details to arbitrary remote hosts - as Fmdpa says, a server sets its own cookies, and can only populate them with what it knows.

[george]

Getting the location by IP is only good sometimes, as there is redirecting and remote hosting going on. What I do not know about Cookies is if there is a new type of Cookie that can be accessed by any domain that knows it's name? Thanks

[george]

as i know it is only possible with cookies. may be some other technique is available to experts :)you can store the name of user when they login and their location (some pecl can get location by ip). then check for cookie at your page where yoe are intending to show up the data. if cookie exist show up the data as last login else you can throw a cookie as a guest name and location

I knew that. What I was asking for was not the basic "how and why to use cookies" question.

[george]

They can determine your location with the ip address, as boen_robot illustrated. Some of what you see is done through cookies. I think you were thinking of cookies as packets of information (location, etc) stored in your browser with your information. No. Cookies must be set by a site, then that site can read the information that they set. Third-party cookies are set by content that is embedded in a web page from an external site, such as ads. They can track you across any websites that have their ads embedded on their page.

No, I know what a cookie is and how to use it. I thought my question implied that. In fact, I just reread it. Yes, I did explicitly say that cookies can only be retrieved buy the domain from which they were dropped. NORMALLY. I know that. There must be a cookie sniffer out there that looks at the client pc's cookies from the clients OS, and not as server side app. JAVA applets may be able to do that.

[Fmdpa]

PHP can't do it. If it can, then it is something I haven't heard about. I'm not familiar with with Java Applets, so I wouldn't know. I think we are all still wondering what you mean by, "some web sites know who you are". Give an example. What do they know about you? Time of your last visit?

[george]

Obviously there would be no question if I were talking about repeat visits to the same site. I have often gotten great guidance through W3Schools Forums. But my time is not well spent on this thread, so I am dropping it.

[Synook]

Put simply, it is not possible for a website to identify you personally by anything other than IP, and information you give it. This is why people are giving answers you find "annoying" - because you seem to be asking for the impossible. Of course, you could go into worms and other malware that reside on the client and send that information out in violation of privacy regulations, but this is not what we are here to discuss and did not seem to be the topic of the thread either.You asked, how can I get a user's name and location? The answer was given - location can be determined from the IP, but there is no way to get a user's name. The nature of cookies, as the main subject of your topic, was elaborated upon in order to answer your query about the possibility of sutes accessing the cookies of others. You asked whether this was old school and the answer was clear: no, that is how they still work. Take these responses how you want, but it is clear to me that they were made in good faith and not in an attempt to "annoy you".Nevertheless, if you still wish to squander the information volunteered to you in this thread, then it will certainly die out without the need for manual intervention.

[boen_robot]

Again: Show us one site that does what you're describing, and we'll tell you how it's doing it.From what we all know, what you're asking is impossible, but in theory, there may be some trick behind it.

[justsomeguy]

There's the concept of the "evercookie" that people are researching, which is basically a cookie that can't be removed based on the fact that it's stored in multiple places.http://yro.slashdot.org/article.pl?sid=10/10/19/210255But I don't think you're asking about that, I think you're asking about the ability for a web site to read all of the cookies on a client. You haven't actually said that before becoming upset, but I think that's what you're asking. Barring an applet or something else that has system-wide file access (and why an applet would have system-wide file access I'm not sure), no, there's not a way to do that.There are advertising networks and other methods where several sites would all have access to the cookies for a certain domain, or at least information about the user from the ad network.There's no reason to become angry and upset with people's answers though. This is what you asked:

Some web sites I visit for the first time display my name, city and state. I suspect these apps are accessing a cookie on my pc

Considering the common questions that people ask on this forum, everyone assumed that you are trying to determine how to identify your own users. You didn't specify that "a cookie on your pc" meant a cookie from a different site, so people assumed that you were a beginner trying to use cookies to identify your users. If that's not what you wanted to do then you should have been more explicit about what you know and what you want. The answers can only be as good as the questions.

[jeffman]

Many sites with different domains and different content could actually be owned by a single company with a common database. If a site like that tracks people by IP address, then a "new" site could easily give the impression of knowing you. The reality is that the whole system knows you, and any given page in the system can look up your information based on your IP address. (I suspect that a lot porn sites and overseas pharma sites might operate in this way, whether or not they actually tell you about it.)I wonder about the effects in shared environments, like university computer labs, or computers connected through wifi, where it's the wifi receiver that has the true IP and all computers hanging off the receiver would project the same IP. Then there are dynamic IP addresses, like I get from my employer and my ISP. A lot of mistaken identity, I suppose.

[justsomeguy]

With the ad networks, when you send a request to the ad server they'll set and read their own cookies. But there's no reason why they can't make that information available to their client websites through a Javascript API to look up details about the user.

[george]

@JustSomeGuy, @Deirdre's Dad, I love you guys. You read and understand my questions, and reply providing me with new information I need and request. You guys do your research, and do not make assumptions based on perceptions or a lack of reading my questions. @Fmdpa you misread my questions and then insult me for a non displayed ignorance. Are you Republican?

I think we are all still wondering what you mean by, "some web sites know who you are". Give an example. What do they know about you? Time of your last visit?

that was an unnecessary insult. Sorry if no one else agrees. I did reveal my understanding of basic cookie use and governance when I said, in the original question, "cookie information can only be retrieved by the domain that dropped the cookie in the first place" Others have explained how this can be effectively bypassed by the sharing of information within a an advertizing venture, which is what I and countless others have experienced when we go to a new website that promptly displays "Hello Joe, the weather in your town is...". @boen_robot I hope you are learning as I am from the knowledgeable contributors to this thread. Sorry if I got upset, but the many “do you know what a cookie is” replies were presumptive and frustrating to say the least. @JustSomeGuy, “why an applet would have system-wide file access I'm not sure” – because it runs on the client like JavaScript, except that javascript was designed to not allow OS or file access. It runs in the browser shell, and stays there. An applet is an executable, and can run independently of the browser, operating more like a true virus, it sneaks into your system via internet connections (email, web) and operates there as a local program. Yes, no, maybe?edited for spelling

[Synook]

Java has a "sandbox" security model, which means that Java programs running in different contexts obtain different permission sets. So an untrusted Java applet will have different rights to a program you've downloaded and run locally. This allows Java to restrict the ability of web applets to affect the local filesystem - if such scripts didn't, and had completely free reign, then no-one would have faith in the Java platform and it would not have been successful. Of course, there are always holes and using an applet is one attack vector a hacker might try. Hopefully this isn't happening on a significant scale, though .I still don't see how Fmdpa was, uh, insulting you (insult: a rude expression intended to offend or hurt) - there are many things one might want to know about a user, and they can all be retrieved in different ways. Anyway, stop the mudslinging, and I'm sure everything will be fine...

[george]

I still don't see how Fmdpa was, uh, insulting you (insult: a rude expression intended to offend or hurt) - there are many things one might want to know about a user, and they can all be retrieved in different ways. Anyway, stop the mudslinging, and I'm sure everything will be fine...

You fail to see how I was being toyed with, and I fail to see how I was mud slinging. I am at peace with that. And I will not belabor the question unless someone insists. I just assume drop it. I appreciate your sharing about the JAVA sandbox security. That, I suspect, is for partially or un-compiled applets that must run within a JAVA shell. At any rate, I have no interest in hacking, nit-picking, or wearing excessively thin skin. I have been enjoying the services provided by W3School’s forums for a few years now. And I always learn here. This is the first time my feathers have ever been ruffled, and the first time I have ever been accused of slinging mud. I hope it is also the last. Thanks for your support in all issues touched upon.

[george]

From what I have learned here in this thread, I can now with confidence tell my client, who is competeing with GroupOn, how GroupOn and other vendors can display a person’s city when they first arrive on their site, because GroupOn is a member of an affiliated marketing group which shares a database of users, their locations, and other demographic information about a potential customer. A web site can “see” the IP address of who is visiting the site, and look up the potential customer in the shared database, and presto, they name your town and present any cupons available in that town. It is not done with cookies. My bad for mentioning cookies. If anyone knows how to contact such an affiliation network, that would be iceing on the cake. Edited to provide answer to above asked question: GroupOn accomplishes this by useing Amazon's CloudFront, which they refrence in their JavaScript as

	 _kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/504aca0b8cca62725ee914db264db43cccfe3bda.1.js');	</script>		<script type='text/javascript'>	  _udn='.groupon.com'	</script>

Thank you all for your help.

[george]

@JustSomeGuy

You didn't specify that "a cookie on your pc" meant a cookie from a different site, so people assumed that you were a beginner trying to use cookies to identify your users. If that's not what you wanted to do then you should have been more explicit about what you know and what you want. The answers can only be as good as the questions.

Point taken. Well said and thank you.

[Fmdpa]

@Fmdpa you misread my questions and then insult me for a non displayed ignorance. Are you Republican?

Are the politics in DC affecting you so much that you call people who may be insulting you "Republicans"? This forum has nothing to do with politics, and let's keep it that way.The goal of the forum is to be as open and clear as possible so people can help you. Since you were being too vague, IMHO, people were taking hit or miss chances with trying to help you. You said that you understood cookies. I read that and understood that. But some people say they understand something, but really don't. That is why I suggested you had a misunderstanding about cookies. Remember, the more information you provide about your question, the faster someone can pinpoint your problem and help you. As you may have figured out, we love seeing live examples illustrating what you are trying to achieve or fix.The thing I dislike about the internet is how your feelings can not always be accurately conveyed through words. I'll say now that I never intended to come across as insulting or superior, and I apologize if I did. BTW, I never took any offense from anything you said.

[george]

Why thank you Fmdpa. Both your and JustSomeGuy's suggestion that I employ more clairty is well taken. But then, if I had perfect clarity, I would not have had the problem. I was, indeed, searching for the answer, and had wrong headed notions which were set streight. That is effective helping, and I appreciate it. In my original question, I did say that upon my first visit to a site, the site would "know who I was." Then you said, "like what, the time of your last visit?" Do you see the disconnect here? How should I have understood that? That I do not know the meaning of "First", as in first visit to a site? Let's just drop it OK? I contacted the moderator and tried to close the topic about the 4th post in precisely because I could see this pileing on coming. If my taking offence is a continueing disturbance here, then I will just take my marbles and go home. OK? There are other forums. I have enjoyed years of good quality service here, but I do not think I am the one radicalized by politics. Again, could we all drop this now? I do not know whose interest it serves to keep it going, do you?

[justsomeguy]

@JustSomeGuy, “why an applet would have system-wide file access I'm not sure” – because it runs on the client like JavaScript, except that javascript was designed to not allow OS or file access. It runs in the browser shell, and stays there. An applet is an executable, and can run independently of the browser, operating more like a true virus, it sneaks into your system via internet connections (email, web) and operates there as a local program. Yes, no, maybe?

From what I understand, only if there's an exploit or it's misbehaving. A client-side applet should not have full filesystem access to anything it wants, the combination of the browser applet sandbox like Synook described and the OS should keep the applet accessing only its own data. Regardless though, you probably don't want to require your users to support an arbitrary technology like Java or Flash (Flash can't read arbitrary files anyway) in order to make your site usable.It looks like this thread has been answered, so I'm going to go ahead and close it. I disagree that people were being insulting, I think you may have just taken the beginner questions as an insult, but it's worth it to close this thread and avoid a discussion about politics. I don't think anyone needs to apologize to anyone else, so let's just go forward and learn what we can.