I am creating a PHP/MySql application and for some reasons I have to establish a Security/Trust relationship between the user's device and my system. The following shows my options and shortcoming:
Cookies: This method of sustaining an existing relationship was the first to mind, but could easily be erased by the user of the device.
User Agent String: This can be spoofed and proven unreliable.
MAC Address: Same reason as the user agent. This option cannot be trusted.
IP Address: This for me is a no no especially for users with dynamic IP's or NAT
Would appreciate anyone with an answer to my idea. I am proficient in PHP/MySql so applying the logic shouldn't be a problem
Thanks in advance