As you know Facebook saves login sessions and we can see them in settings where we've logged in.
Now, they show IP address, Phone name (if logged in with phone) and App name in the phone and Browser name in case we use browser.
I want to store these info for my site using PHP and JavaScript. One way is to use inbuilt features of PHP on server side to save this info to my DB when user logs in successfully.
But there's a problem in it. The feature gives a string and I find it hard to extract the browser name, OS name and device name. Further, it doesn't show me app name in case logged in to my service with app.
So is there any better and recommended way to do it? Wouldn't it be better if I handle this client side? The client that makes request to server it self sends Device name, OS name and other info.
2nd option seems to me better but I'm not sure if it actually is.
Best Answer
The information is always coming from the client. How you get the information to the server is a different question, of course.
User-Agent
When an HTTP client makes a request, it may include some information about itself in the
User-Agent
header. For example, browsers typically include some information about the browser name and version, and some basic OS information.This is what the built-in feature of PHP is reading.1 Unfortunately, the format of these strings is not standardized. Parsing this information can be tricky, and should probably be left to a library.
In order to identify an app-based login, all you have to do is make the app's HTTP client provide a
User-Agent
header. You'll find how to do this in the relevant documentation. Obviously, you'll have to make sure you can parse it on the server.1 For browser/OS information. The IP address is a separate issue.
Custom Implementation
Alternatively, you can define a more structured message format and include it with your login request (for example).
This gives you more control over what information is sent, and makes server-side parsing easy. The downside is that you have to implement and maintain additional logic, rather than relying on the standard HTTP headers.
I haven't done this myself, but it appears you can also make browsers send a custom user agent value. You might also consider looking for client side libraries that do this kind of thing. Of course, you have to make sure that your browser-version and your app-version are compatible.
Which option is better?
That's difficult to answer without knowing the whole system. However, if you expect requests to only/mostly come from standard browsers and your app, I would start with parsing the user-agent string.
If the information is really important to your users, the additional effort may be justified. The same applies, if you require information that is not typically sent by browsers, but that you can usually acquire via JavaScript.
In any case, note that the information is not reliable - any client can in principle send anything, regardless of the transmission mechanism you implement.