How do websites such as nytimes.com limit the number of accesses to their website from mobiles/smart phones? My understanding is that they would only see the mobile gateway IP so they can't use IP addresses. If they use cookies, can't the mobile user just delete them?
Asked
Active
Viewed 142 times
2 Answers
2
There're probably just checking the user-agent (sent on every request by the browser). While it's possible to change it (and pretending to be a desktop), most people don't really do it.
Most proxy servers (very often used by mobile providers) are in fact not anonymous and they expose the real IP address of user via X-Forwarded-For HTTP header. While this information can be forged as well, they might have whitelisted known proxy servers and chose to trust them. They could actually use cookies as well, but since clearing the browsing history is really easy nowadays it's not really an option anymore.
FINESEC
- 1,371
0
As ceejayoz said, they just use a cookie and hope no one clears them - and it actually works, if you don't use private browsing (which wasn't possible on mobile OSes for quite a long time) it's pretty annoying to constantly clear the cookies (leaving the browser, opening settings, etc) especially when you're on a bus/subway and only have a few minutes of free time before you arrive at work.
