大风起兮云飞扬

这个东西比较敏感，是把双刃剑，所以我不想在blog上讲太详细。

http://samy.pl/evercookie/

这是一个给客户端打上永久标记的项目，类似技术我以前在blog里也写过，很多广告提供商用的特别多。

Specifically, when creating a new cookie, it uses the     

following storage mechanisms when available:     
 - Standard HTTP Cookies      
- Local Shared Objects (Flash Cookies)      
- Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 

Canvas tag to read pixels (cookies) back out      
- Storing cookies in and reading out Web History      
- Storing cookies in HTTP ETags      
- Internet Explorer aspx">userData storage      
- HTML5 Session Storage      
- HTML5 Local Storage      
- HTML5 Global Storage      
- HTML5 Database Storage via SQLite      

TODO: adding support for:      
- Silverlight Isolated Storage      
- window.name caching      
- Caching in HTTP Authentication      
- Using Java to produce a unique key based off of NIC info

对我来说，比较有趣的是
RGB的想法，把cookie存储在一个图片中，然后在客户端再读出来，给这个图片设置一个expires非常长的时间（Expire 头，用于客户端缓存，不同于cookie的expire属性）
/* evercookie 0.3, by samy kamkar, 09/20/2010
*  http://samy.pl : code@samy.pl
*
* This is the server-side variable PNG generator for evercookie.
* If an HTTP cookie is passed, the cookie data gets converted into
* RGB-values in a PNG image. The PNG image is printed out with a
* 20-year cache expiration date.
*
* If for any reason this file is accessed again WITHOUT the cookie,
* as in the user deleted their cookie, the code returns back with
* a forced "Not Modified" meaning the browser should look at its
* cache for the image.
*
* The client-side code then places the cached image in a canvas and
* reads it in pixel by pixel, converting the PNG back into a cookie.
*
* -samy kamkar
*/

ETag
/* evercookie 0.3, by samy kamkar, 09/20/2010
*  http://samy.pl : code@samy.pl
*
* This is the server-side ETag software which tags a user by
* using the Etag HTTP header, as well as If-None-Match to check
* if the user has been tagged before.
*
* -samy kamkar
*/