How do sites like quora track users without cookies? - cookies

If you clear your cookies and go to quora.com, suddenly you are logged in to quora. How does quora do that?
You can try that yourself. Does site now can check if a visitor is logged in to facebook and act appropiately?

The Quora home page actually has multiple cookie variables. Please analyze the scripting code below:
You will find that there are actually three object classes within the initial script load that will check whether you are logged into Quora or a partner site of Quora's which you have indicated that you will allow the associated login as your proxy login for Quora.
Quora also maintains session data via an internal Session_Table which will keep you "logged-in" to the Quora system unless you specifically "log-out".
The detail logs the IP Address along with Geography, as well as specific browser detail and is pushed through the HTML on Log-Out.
This functionality is not dissimilar to the functionality/strategy that Facebook uses and the "more logged-in" functionality that Eric Schmidt had mentioned that Google was looking to pursue some years back; however, with the exception of GMAIL there still hasn't been a socially interactive app that Google has unveiled that would make people WANT to access again and again without re-login.

Related

How can I get manage_pages in Facebook Graph to make API calls for my page (personal use only)?

I have a FB page that is a member of about 10 groups (all related to the same topic), and sometimes when I post I share the post to these groups.
Since it's so tedious to manually share the post to each group, I thought maybe using the API could be a better way to share my post into these specific groups my page is a member of. But FB seems to require that I enter some business details for a business that doesn't exist.
I don't own a business, this is a page to share educational tips and such. So I created an app (kept it in dev mode) and I'm the only administrator. I don't plan to make my app public, create an interface or have anyone else use it, and I don't intend to use it with any pages other than mine. Plus, I've already provided my personal ID so I am verified as an individual:
But still, if I want to get manage_pages permission I'm required to go through some business verification and show FB how I'll use the API in a video, when I don't have any of this. In the verification page I'm requested to upload an icon, a privacy policy link and confirm commercial use:
Should I just make up some fake business information so I can give them what they want? Is there not a way to use the API for personal use?
I'd be happy with just being able to send a couple cURLs to share my post through a terminal instead of having to do it via the FB GUI.
The only requirement to complete review by business verification is to manage more than 3 pages per user, otherwise you can complete via individual verification. However you say pages and groups so it's not clear if you refer to publishing to a page feed or to a group (which requires additional permissions/features besides only manage_pages). And no, you shouldn't fake official documents just to complete business verification if you don't have a business...

Retrieve user data from Google Analytics based on the __utma cookie

I am trying to find out how active are the users of my web page after registration, based on what was the source/landing page of their first visit. I would rather not try to track users myself - I am already employing Google Analytics on my web page and I know it uses the __utma cookie to tell one user from another. I can see summarized landing pages/sources in my Analytics reports but would need to have this data per specific user in the time of their sign up.
Essentially, when the user signs up with my web page I would like to retrieve their landing page and source from Google Analytics and store it in my application's database along with user's name, password, activity etc. This way I could check later, for example whether users who came from Google were more prone to buying premium service that those who came from Facebook etc.
I checked the Google Analytics API reference but it doesn't seem to provide getters for this specific data. I've been looking in up in Google and in Stack Overflow for a while.
This seems like a pretty useful functionality, which many websites should need. What am I missing? Maybe I should seek for a solution that doesn't involve GA? Or switch to a different analytics? Or track user's landing pages with cookies myself?

Django and Post to Facebook (no authentication)

OK, I need some help understanding the process behind Facebook's website integration process and how I can integrate it into my web app....
In its most basic form, my site stores and displays users' comments about products (there's more to it than that, but that's all that's relevant for this question). What I'd like to do is allow them to post that comment, together with the name of the product (and my site), to their Facebook wall by clicking a button.
I do not need the users to log in to my site at all, either with Facebook or any other authentication system and the Post to Facebook part is optional.
Obviously if they decide they do want to post their comment to Facebook, then they'll need to login, but I'd rather temporarily take them away from the page to login, post and then be brought back to my site.
What I need to know is how much of Facebook's APIs, Open Graph and Auth systems do I actually need to integrate?
I had hoped that I might be able to generate a simple link to Facebook with their comment embedded as a POST element...?
I'd be really grateful if someone could point me in the right direction!!
(P.S. I need a similar solution for Twitter, but I think that's easier!?!)
The Feed Dialog doesn’t allow including of a pre-set message any more, so you’d have to make that post via the Graph API if you want to pre-fill the message (and even then, you should only do so, if you’ve given the user the possibility to edit the pre-filled message first).
See here for how to make a post on a user’s behalf via Graph API, https://developers.facebook.com/docs/reference/api/user/#posts
You can do that all client-side, if you embed the JavaScript SDK into your page.
You need to set up an app on FB, then have the user connect to it (using FB.login), ask for the necessary permission (publish_stream) while doing so, and after successful login use FB.api to make the Graph API call.

Facebook integration... Where to start?

I recently put a django project of mine into its beta stages and would really like to integrate more with social media, particularly facebook.
Now there are so many facebook integrations out there... I don't know where to start but, I'll tell you what I am after.
My sites publishes content with photos and also user related data (which site doesn't)
on each individual page I already have a facebook like button that basically has the absolute url of that page
so for instance:
http://my-site.com/url-1
http://my-site.com/url-345345
http://my-site.com/url-456456456
When a user likes this particular url I would like them to become a Fan on my facebook site/page as well.
I also added the FB opengraph tool which is a bit more informative once a user likes it. But it still does not publish any statistics to my page.
Can someone give me a bit of an understanding on what the best option is for this type of integration?
As a security option for the user, Facebook has never allowed third party access to "become a fan."
If you want to record locally when someone presses the "Like" button, you'll have to implement it locally (copy the presentation, and query Facebook yourself), so you can intercept the event. I've done that; it's not too hard.
I suggest you review the Connect Terms of Service to see what it is you're allowed to do: http://developers.facebook.com/policy/

OpenId + remember me / staying logged in

I have a question as to how / what the best approaches are to using OpenId and also providing the ability to stay logged in.
If i look at Stackoverflow for example i have logged in using Google and if i close by browser and come back it still has me as logged in.
However, i am not logged into Google and moreoever I have removed stackoverflow from the list of authorised services which have access to your Google account. I would naively expect that stackoverflow would prompt me to login again but it doesn't.
So my question is, what are the best practices regarding OpenId and remembering authenticated users across sessions?
OpenID is still pretty new and several relying parties are trying out new and different ways to implement OpenID. There is a work in progress best practices document for relying parties hosted by the OpenID foundation. In particular, they address the question of cookies and session lengths in their last section. Definitely an interesting idea to use persistent claimed_id cookies rather than persistent session cookies in order to make the user's life easier -- they only have to log out of their OP and close the browser.
Personally I find the behavior you're describing on StackOverflow pretty natural. If OpenID were out of the picture and you were logged into a username/password web site on two different computers with a persistent cookie (a very common scenario), and you changed your password on one, I wouldn't be surprised if the other computer still had me logged in. You could call that a security hole, but it's still normal practice. So normal in fact that Gmail recently added a display at the bottom of your Inbox screen that tells you where else you're logged in and gives you the opportunity to invalidate their session cookie.
I would suggest that a similar approach could be taken by any RP, regardless of the authentication method. And that would probably mitigate the security concern you have.
Stack overflow probably uses a cookie to remember you as user number xyz or session id 1234. After authentication, OpenID has nothing at all to do with the session anymore. SO doesn't have the ability to see if you are still logged in to Google so this seems only natural.