I've been searching through Internet for a suitable solution for this, but I've not been able to find a good answer. Of course, I know that there is a possibility that what I'm asking here is impossible because of the Sandbox of browsers, but maybe the experts here can light up something good!
What I'd like to
I've got a web application in which users are registered and need to log in in order to access it. However, I'd like each user to be able to use only a few devices (3, for example) so, if a new device (a 4th one) is detected, it should show a message to the user telling him to upgrade to a Pro version or unlink one of his devices, etc.
So, what I would like is to have a unique fingerprint of a user's device which would be hard to change (it has not to be impossible, but not as easy as changing the browser).
What I've found
In the Internet I've come across some solutions which take information from user's screen, browser version, SO, and browser's plugins, mixing this information and making a unique md5 hash. The problem comes when the user changes the browser.
The browser's plugins and the browser itself will change, so one of the most unique fingerprints (the plugins) will be obsolete, and it will be identified as a new device. And the same if the user installs a new plugin to the browser, for example. So: they are not a possibility.
The IP cannot be taken into account neither, as I cannot assure the client will always access the application from the same location.
Talking about letting or not a user access my application, I cannot base my identification in something that can be changed so easily.
What I've thought to
I've thought of using localStorage. If the user has not an ID in a localStorage, it's a new device. However, whenever the browser starts to go slow, everyone recommends to "clean" website data, so localStorage would be gone again. So, not the solution.
With the cookies is about the same problem as with localStorage, so not the solution neither.
What would be the solution
Taking some parameters of the computer like the depth of screen colors would be nice, but maybe mixing it with other parameters would be better.
The main problem is that I don't know which parameters could be taken (either Javascript or PHP, or both) to be "unchangeable" by the user itself or very hard to do so.
I know what I'm asking for is complicated and "utopic", but I'm not an expert and maybe someone has thought of a suitable solution for this.
Thank you all for your time and answers!
EDIT: Well, I think that the duplicated answer quite responds this question. It's not what I'd liked to, but it seems (to sum up) that the only solution is to take a group of variables and make probability matching to be able to "know" which user-device is now connected. Thanks to all of you for the answers (and the people who pointed out the duplicated question too!).