Identify User's Device Uniquely

Question

I want to identify and authenticate a user's device permanently so that he doesn't need to authenticate again and again from the same device. How can I identify the user's device uniquely?

One approach could be to use Client IP, but there may be more than one devices using the same IP. I may use local storage or cookies but what if someone copies local storage's device identification data to a different device or sniff cookies (having the same IP)?

Is it possible to identify a device uniquely and permanently authenticate it for a particular user in a foolproof manner?

Answer 1

I think this is a standard and long solved problem. Use HTTPS, set http_only and secure attributes on your cookie and you should be fine, unless someone replicates the whole browser data on device, which anyway is out of your control, and hence you shouldn't bother about solving a problem that you don't have control over.