Search code examples
node.jsmongodbclient-side-data

How to track users without authentication on nodeJS


I developed a mobile web application using nodeJS. All users have an access to data(foods,menus etc) without authentication. They can list products, like them, or mark them as a favorite ..etc What I want is giving them unique IDs (on first visit) to recognize them on every time they visit and track their actions by storing those actions in my database I want that because when they are revisit my app, I'm gonna say "You have marked 3 products as a favorite this month!" or "Apperantly you like hamburgers (listed hamburger category 22 times)

In short, when user visiting my web app for the first time

  • Define (or assign) unique ID and store the ID on client-side

when user visiting my web app second time

  • Check if there is any ID on client-side storage
  • If its true then list the users recent activities for example;

    var uID = "ID data on client-side."
    db.users.findOne({ userID: uID }, function(err, user){
       if(err){
       res.send("you are here for the first time!");
       // >>> create new unique ID HERE and assign it to the user !!<<<
     } else {
       res.send("you were here before");
       // already have an ID, go on
        }
    })
    

Quick Note: ID must be there all the time (on client-side) until user remove it somehow.


Solution

  • If this is a browser-based application, then you have two main options, cookies and local storage. Both are not entirely permanent (can be cleared by user or by browser maintenance), but will generally serve your purpose.

    The advantage of cookies is that they will be automatically shared with the server on every request so the server can tell who the user is.

    The disadvantage of not using a user login is that the same user cannot represent themselves as themself on different devices or if they get a new device (such as switch to a new phone).

    If you are using Express on the server, then you can use express-session combined with a persistent session store and then express-session will automatically create the cookie and you can store whatever user-specific data you want in the session and it will persist for as long as the cookie lasts (actually the data will last longer, but you can only associate it with the user as long as the cookie lasts). This would also allow you to "extend" your functionality in the future by support a non-login world, but also to allow the user to add a login so they could even access their info from other devices.