I'm new at Laravel and PHP. i want to block the users who have failed to login more than 3 times in 5 minutes for a certain period of time, say 30 minutes.

i have done this process completely and it works but the problem is the person can change his IP address using VPN so easily and start to send request again and also if i detect the person by browser, he can change his browser.

so i have to work with which information that the person can not change it easily?

i try using user_agent and also IP but they are not constant. and also i try to set a cookie in browser but it isn't good idea.

i expect find a field in the client information that person can't change it so easy, so i can detect the person correctly. thanks for your help ^_^

CodePudding user response：

Short answer: you need to 1st establish levels of security and/or emails that you want to implement

Long answer with some suggestions:

1. have a user login with an OTP (one time password) sent to them via email/ whatsapp/ SMS, etc.

2. Alternatively, use a double authentication method to login people

3. Use 3rd party login services like logging in via Google/ FB, etc. (not recommended)

Use any of the above with a sound session handling system, and use https (& if you don't want to rely on cookies : debatable topic if you use https), then embed session in your requests (GET/ Post, etc)

Hope this helps

CodePudding user response：

You could try to store the information in the clients browser with https://samy.pl/evercookie/