As far as I can tell, there's no license info anywhere. Is this public domain? GPLv3? etc...

if (div===null || div === undefined || !div.length) {
div = document.createElement("div");
div.setAttribute("id", "swfcontainer");
document.body.appendChild(div);
Uncaught TypeError: Cannot call method 'appendChild' of null
}

..

The candidates var in the _evercookie method is a list. It is used to count the number of times a particular cookie value has been stored. The values being counted are indices into this list, meaning values can only be integers (or strings of integers).
So if I try to store something like this: ec.set("cookie_name", "cookie_value"), when I later retrieve this (with or without a callback function), the return value is undefined.

Am I overlooking something very obvious here?

Can we have the node.js version of the .php files ?

Once setted cookie, will overwrite another cookie value:

ec = new evercookie();
ec.set('test_1', 'test_1');
ec.get('test_2', function(value) {alert(value)}); // must be undefined, will alert test_1
ec.get('test_1', function(value) {alert(value)}); // test_1

I am getting the following error. My site runs over secure server. Is there a way out?

[blocked] The page at 'https://mysite.com/ was loaded over HTTPS, but ran insecure content from 'http://www.google.com/evercookie/cache/mysite.com/mycookie: this content should also be loaded over HTTPS.

With flash control it has a lot of visible blocked "flash boxes".
Can you try to detect it and stop using Flash if some blocker set?

I'm learning about how to use evercookie, so I've tried this code:

<head>
</head>
<body>
<script type="text/javascript" src="js/evercookie.js"></script>
<script type="text/javascript" src="js/swfobject-2.2.min.js"></script>
<script>
    var ec = new evercookie(); 
    ec.get("id", function(value) { 
    if(value==""){ec.set("id", "12345");  alert("cookie set!");}
    else{alert("Cookie value is " + value); }
    }); 
</script>
</body>

But I'm getting "Uncaught TypeError: Cannot read property 'embedSWF' of undefined". What am I doing wrong?

iframe w/ appcache

Open an iframe to a special html5 offline page. We will store data in inline scripts in this page! The iframe can use window.postMessage to send data to it's parent. The url for this special iframe could be like: domain.com/me/friends?start=0&end=25&format=light&APPCACHEPAGE=true Said page may look like:

<!DOCTYPE html>
<html manifest="manifest.appcache">
<head>
  <script>
    window.onmessage = function windowOnMessage(message) {
      if (message.origin.indexOf('https://iskosher.com') === 0) {
        if (message.data === 'gimme') {
          window.top.postMessage(***jsonStringFromServer***, message.origin);
        }
      }
    };
  </script>
  <style>
    html, body {
      margin: 0;
      display: none;
      width: 0px;
      height: 0px;
    }
</head>
<body></body>
</html>

However, manifest.appcache will link to the same manifest for each /me/friends request... we could do 2 things:

1. Detect the request for /me/manifest.appcache is coming from /me/friends?start=0& ...
2. Redirect the iframe page url to something like: /me/friends/start=0& ... /iframepage.html then the iframe page is: /me/friends/start=0& ... /manifest.appcache

manifest.appcache

Could be like:

CACHE MANIFEST
# requestQuerystring=yeah&just=like&it=comes&in
# nothing else. no resources. data is just embeded in scripts in the html page
# The html page is implicitly stored offline.

Images can and probably should be base64 encoded strings, for true programmatic access.

jsonp w/ appcache (no iframe)

You could also force add jsonp scripts to your own page's manifest, just piling them up as you want. This also has the advantage that if you don't continue to include a data script in the manifest, you can remove it from the manifest and the browser will clear the space.

P.S: @samyk a link to this repo should be more prominent on your ever cookie homepage.

the evercookie_indexdb_storage method is not used by default, why?

I have two domains that I wanna share evercookies between each other, but I just don't know how to do that. I've already set the _ec_domain at the end of the paths and didn't work. Anyone can help me with this issue? Do I have to modify the .fla file, and generate other .swf? I tried to put in the .fla "Security.allowDomain("*")" and didn't work.

Hello! I want to set cookies on site1.ru and get them on site2.ru. I tested it and i cant get cookie on site2. How can i do this?

Hi ,

I am getting applet.set error. I allowed java also installed java on application m/c.

Any solution for this?

I would love to be able to select which methods I want my "evercookie" to be saved in.

Would be nice to be able to configure which storage engine I want to use. I really prefer to pick a few (but not all) of the storage options. Specifically, turning off flash, silverlight, etc.

Hey hey.

I'm getting a lot of errors for undefined indexes here:

for ($i = 0; $i < count($data_arr); $i += 3)
{
$color = imagecolorallocate($gd, ord($data_arr[$i]), ord($data_arr[$i+1]), ord($data_arr[$i+2]));

Which makes sense I guess, since you're going up to $i+2, so it should be smthing like
for ($i = 0; $i < count($data_arr) - 2; $i += 3)

I guess

Not sure if this will break the whole png method or if this is just fixing the symptoms instead of fixing the cause though :-)

Silverlight in particular is pretty rough.

But they end up taking around 60-90% of CPU while the page is open and script is running.

Testing in Chrome 8 on snow leopard.

Hello, I've been looking at ever cookie and while it seems to be great at what it does, it sounds weird that it has jquery as a hard dependancy. If possible I think it would make sense to make it optional at least for set/get methods.

Anybody know ?

In all (3) my pc and all other (2) the pc I have tested evercookie doesn't work in Chrome.

If I open "about:plugins" (type it in the address bar, then click "details" in the top right corner) I can see Chrome has 3 flash plugins installed:
1. internal/builtin PepperFlash,
2. internal/builtin Flash
3. external Flash

If I disable PepperFlash I get evercookie to work, otherwise seems the local storage of the pepperflash plugin is isolated...

No one noticed that? Is there a workaround? Am I doing something wrong?

in windows 10, theres a build-in feature which generates unique ID for every client. it is possible to reach to that data with javascript in platforms supporting advertising SDK

for further information:
https://msdn.microsoft.com/en-us/library/windows/apps/windows.system.userprofile.advertisingmanager.advertisingid

The file is called in the code and causes an error to be thrown but the file does not exist in the codebase... Perhaps authPath should default to false until this code is completed?

Persistent TLS/SSL sessions can function as supercookies:

https://en.wikipedia.org/wiki/Transport_Layer_Security#Resumed_TLS_handshake

It'd be good to have a test for browser protection against this in evercookie!

At http://samy.pl/evercookie/ tried with Opera. Set cookies, then deleted all history from Opera, then closed Opera, opened again clicked on Click to rediscover cookies and saw either null or undefined.

There's some other ways to track cookie:

https://www.browserleaks.com/
https://panopticlick.eff.org/browser-uniqueness.pdf

not sure how many have been implemented.

For environments where EC is stored in a library directory.

Question is in the title.

I'm running an older version of the evercookie and i wanted to bring my Code to the latest version. It seems to me that a lot of stuff has changed and the documentation still shows the old code style.

Hi everybody,

I've realized that last browser versions of the main browsers (IE, Firefox, Chrome, Safari) avoid evercookie.

Is there any way to make evercookie work even if user uses private mode?

Thanks,

FMN

Just as a heads up if you set _ec_java to false then you need to comment out or remove this like (typeof self._ec.javaData === "undefined") || which is around like 200 on evercookie.js or you will run tell you hit _ec_tests limit, which can cause longer load time.

When adding support of evercookie to my web application, IE started to act strangely.
It started to have sudden refreshes every 2-3 seconds which disabled my work with IE, but this didn't happen in Chrome/FF 4.

I got the idea that http://www.html5rocks.com/en/tutorials/file/filesystem/ can be used to store a copy of the cookie.

PD: I don't know if this is posible but JS could generate a SSL client key and browser would store it. Then server ascoiates SSL fingerprint with cookie. But user may notice that key is saved on some browsers.

Hello, this is very cool lib!

But this lib work is very slow for bad internet connections (mobile internet example). May be we have off anything option for make this faster? Can I remove some features from code evercookie for make this faster?

Please help me!?

Just to let you know Symantec Endpoint Protection has just detected malware in the evercookie-master.zip download
"Trojan.Maljava!gen26" in evercookie.jar

if i clean cookies in chrome evercookie forget me

1.visite http://samy.pl/evercookie/ and click to create an evercookie;
2.clean cookies in chrome;
3.close chrome;
4.restart chrome;
5.visite http://samy.pl/evercookie/ and click to rediscover evercookie;
6.evercookie has forgot me.

my english is so poor, don't laugth at me 👯

http://hstscookie.ca/ has a demo fro storing cookies via HSTS browser records:

From the site "The HSTS cookie cannot be removed by clearing your cookies. It will be deleted if you clear 'site preferences', however, doing that will also clear a lot of useful information and expire the HSTS pins for other sites."

I get Uncaught TypeError: Cannot read property 'embedSWF' of undefined

How do i resolve this?

I got the error:
Uncaught SecurityError: Failed to execute 'getImageData' on 'CanvasRenderingContext2D': The canvas has been tainted by cross-origin data.
evercookie.js 569

I could fixed it with add img.crossOrigin = "Anonymous"; at https://github.com/md-5/evercookie/blob/master/js/evercookie.js#L543
Is it right? (for example anyone can replace a cookie? ) how can i fix that another way?

It would be good to see an implementation of canvas fingerprinting (not the same as force-cached PNGS). See https://securehomes.esat.kuleuven.be/~gacar/persistent/index.html#canvas-results

Well, been reading on stack-overflow. I got myself .......
Anyway, these thing (what missed) can be added here in this project!

I was using the same code I wrote some days ago:

<head>
</head>
<body>
<script type="text/javascript" src="js/swfobject-2.2.min.js"></script>
<script type="text/javascript" src="js/evercookie.js"></script>
<script>
    var ec = new evercookie(); 
    ec.get("test", function(value) { 
    if(value==undefined){ec.set("id", "12345");  alert("cookie set!");}
    else{alert("Cookie value is " + value); }
    }); 
</script>
</body>

But now I'm sunddenly getting
Uncaught SyntaxError: Unexpected token var (evercookie.js:1) and Uncaught ReferenceError: evercookie is not defined (line 7).
What could be the problem?

or PHP running under FastCGI (not as an Apache module) prior to PHP 5.4. see: http://au.php.net/manual/en/function.apache-request-headers.php

Instead, return a plain 500 Internal Server Error, so it isn't taken into account.

hi. I'm having a problem. I'm getting the following error message:

ReferenceError: evercookie is not defined
var ec = new evercookie({

this is happening on my Firefox browser, because on Chrome, it work's just fine. I couldn't find why this is happening yet. I just downloaded it and I'm trying to test it. I did not modified any file. On one browser it's working just fine, and with the other I get the script error message.

any ideas why? thanks!

There are many document.body.appendChilds, but only the one at line 600 (#evercookie_silverlight) throws error

Uncaught NotFoundError: An attempt was made to reference a Node in a context where it does not exist. evercookie.js:600
evercookie_silverlight evercookie.js:600
_evercookie evercookie.js:163
get evercookie.js:142
getC example.html:19
(anonymous function) example.html:15

Maybe my tests are incorrect, but when I try to use only pngData and no other method, I cannot get the value that was stored on the first call.

Can you reproduce it too ?

Wouldn't it be nice if there were a function to remove the evercookie?
Or would you just evercookie.set('id', null); ?

While LSO's are working on the samy.pl example site, running on my server I am not able to store or recall LSO's.

No javascript errors are coming up, however the looking at the network tab in chrome, there is a long pause between when evercookie.swf executes until the next file loads (evercookie_etag.php).

Here are the results:

Storage mechanism userData returned: undefined
Storage mechanism cookieData returned: 12345
Storage mechanism localData returned: 12345
Storage mechanism globalData returned: undefined
Storage mechanism sessionData returned: 12345
Storage mechanism windowData returned: 12345
Storage mechanism pngData returned: 12345
Storage mechanism etagData returned: 12345
Storage mechanism cacheData returned: 12345
Storage mechanism idbData returned: 12345
Storage mechanism dbData returned: 12345
Storage mechanism lsoData returned: undefined

the options I have changed are:

var ec = new evercookie({
history: false,
baseurl: '/test/evercookie',
asseturi: '/assets',
phpuri: '/php'
});

There are no errors in my apache logs or javascript console - again, it works in my browser at "http://samy.pl/evercookie/" just not on my environments (my local mac running apache or my server Redhat running nginx/php-fpm)

am I missing some important configuration detail?

Hey,

When I am calling
ec.get(identifier, function(value) {
****console.log('response from the ever cookie: '+value);
if(typeof value !== 'undefined' && value!=''){...}

the value I am getting is this.

*****Notice: Undefined index: If-None-Match in /var/www2/postify-production/evercookie_etag.php on line 44

Can you explain what this is ?

hi, is it possible to use evercookie with GA ? if yes, can somebody provide me with an example ? THX

Can't get it to work in IE8.

I load the page and get: Cookie found: uid = currently not set
I click on 'create' and get: Cookie found: uid = creating
(it never changes).
I click on 'rediscover' and get: Cookie found: uid = checking
(it never changes)