I'm developing a web application which is very critical. So authentication has to be very strong; at the same time, I don't want the user to go through a procedure every time he wants to log in. My idea is that the first time he has to go through a small procedure to identify himself, and later he can log in from the same system without much delay (because we trust that system with that particular user).
I know a cookie is one way, but that is not so secure because if anyone copies your cookie he can do a hell of a lot of things!
What are the best ways of device tagging? Any suggestions?
If you’ve taken the appropriate measures to prevent cookies from being stolen, then there’s not much else you can do to protect the system.
Your question seems a bit confused – I assume you are referring to client device fingerprinting – this may not be an appropriate solution – it really depends what the threat model is (you’ve not provided that information). See this post for some hints on how to implement device fingerprinting.