My website allows guest/anonymous users to upload content. What is a way that I can allow them to edit this content without having to create an account?

Comments (19)

Mark's photo

Another idea, which may require too much effort on the part of the user, is to show a unique token or url for each uploaded piece of content. The user can choose to store this and use it to edit the content.

Advantages: it's more anonymous, since there are no cookies to track users, and you can't even track which pieces of content are uploaded by the same user. The tokens also persist after clearing cookies or even reinstalling the PC.

Disadvantages: it's clearly quite some effort for the user to keep track of all the tokens.

P.S. It sounds like people may use your service to upload NSFW or copyrighted content... But maybe that's the point.

Mark's photo

formerly known as M

Given the lengths mentioned in other answers, it might be worth adding that the token should be longer than 4 characters. It can just be 32 because people will just copy-paste or bookmark it anyway, nobody is going to remember even 6 random characters per upload, why make it short?
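The per-upload edit token discussed above, as an added example that is not code from any post in this thread. It assumes Node.js; the in-memory `uploads` map, the function names and the URL paths are hypothetical stand-ins for a real database and router.

```javascript
const crypto = require('node:crypto');

// contentId -> { body, tokenHash }. Stand-in for a database table.
const uploads = new Map();

// Only a hash of the token is stored, so a leaked table does not hand out
// edit rights. A plain SHA-256 is sufficient here because the token is
// 128 bits of CSPRNG output, not a human-chosen password.
function hashToken(token) {
  return crypto.createHash('sha256').update(token, 'utf8').digest();
}

// Store new content and return the token. The caller shows it to the
// uploader once; the server cannot recover it afterwards.
function createUpload(body) {
  const contentId = crypto.randomBytes(8).toString('hex');   // public id
  const editToken = crypto.randomBytes(16).toString('hex');  // 32 hex chars
  uploads.set(contentId, { body, tokenHash: hashToken(editToken) });
  return {
    contentId,
    editToken,
    viewUrl: `/view/${contentId}`,               // safe to share
    editUrl: `/edit/${contentId}/${editToken}`,  // bookmark, keep private
  };
}

// True only if the presented token matches the one issued for this content.
function canEdit(contentId, presentedToken) {
  const record = uploads.get(contentId);
  if (!record || typeof presentedToken !== 'string') return false;
  // Both digests are 32 bytes, so timingSafeEqual never throws on length.
  return crypto.timingSafeEqual(hashToken(presentedToken), record.tokenHash);
}

// Apply an edit; returns false without touching the content on a bad token.
function editUpload(contentId, presentedToken, newBody) {
  if (!canEdit(contentId, presentedToken)) return false;
  uploads.get(contentId).body = newBody;
  return true;
}
```

Because each token is bound to one `contentId`, a token issued for one upload grants nothing on another, and two uploads by the same person cannot be linked through their tokens.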

Gijo Varghese's photo

Even though they're anonymous users, generate a unique id for each user from the client side itself and save it in cookies with a long expiry.

Whenever someone uploads a file save that unique id along with the file. Now you can allow users to edit the file if its owner is the same as in the cookies.

You can use uuidv4 or something for unique ids.

Gijo Varghese's photo

Co-founder & CTO @ MFY.im

"Who uploaded which content": that is what the author of this question wants!

Jason Knight's photo

I'd at least make them type in an e-mail address if they want to edit. Generate an authorization code for editing, and send it to them that way. OR just display the edit authorization code when they create the file, they lose that code, well... that's their fault.

Any other method -- sessions, cookies, localstorage -- isn't portable or permanent.

Jason Knight's photo

The less code you use, the less there is to break

Gijo Varghese Basically what Mark said. He calls it a token... people also call them hashes, passwords, whatever. A unique randomly generated sequence of characters that you use to authorize the access. He and I said the same thing, we just used different terminology.

You could either have them enter an e-mail to have it sent to them, or simply display it on screen, or even put up two different URLs -- one for showing it, one for editing it.

I rarely suggest using JavaScript for "Add bookmark" methods, but this is a case where the technique would be a nice enhancement. Show the edit token as a URI with a button next to it for bookmarking.

You could even once it is uploaded go straight to the edit page for it, giving them the chance to bookmark the edit page URI.

Girish Patil's photo

No need to collect anything from users; instead, hash the things as discussed here. Let users upload the content, no strings attached. Now generate a very long id, let's say it's the private key of the user, and make sure you have your very own secret key with you that you will be using for all the requests. Now to store the file, ask them to give some name or generate something random yourself. Using your secret key and the user's private key, create a permanent hash, append it with the file name, and store it.

Let's say:

User's private key = DDA22E18DA54C1494E90324ADE71400C48DEC72AEE5C25B2A0A63CD497398052 (this is SHA256 of "hashnode")

Your private key = 2F183A4E64493AF3F377F745EDA502363CD3E7EF6E4D266D444758DE0A85FCC8 (SHA256 of "anonymous")

Now to store the file: SHA256(SHA256(user's private key) + SHA256(your private key))

7433BACE002F1403E6AFCFF8A5FE8FBAE55192682992802E160C2A388E0FA1F4 + 2C9A303023DEF128C4FBC1FBF1C70BE6A1F9739A3D765DFC4F24DA9AD6D725A7

The final hash: E954EA3B3AE1B245C2B6C664D88582887ED986613F6CD18A5E1166AD9BFFBF85

Now create a directory with the final hash and store the files inside that directory with some random name/number/name given by user into that folder.

To retrieve the files, just take in the user's private key, SHA256 it, SHA256 your secret key, and then SHA256 the whole appended hash, and you have the directory name. Look up the directory; if it's present, list the files, else the user has no files yet. If looking up files or reading a huge directory is not a good idea, you can instead use a database to verify if files are present or not.

You can modify this to give particular links to every file as per other discussions done here.

To make it user-friendly, store the user's private key in local storage and then retrieve it next time automatically when the page loads.

Disadvantage: If the user loses his so-called private key, everything is gone.

Bhuwan Gurung's photo

You can generate a unique URL for each file, like snag.gy does.

Mike's photo

Use a random code in the URL (8 letters/digits should be enough) so that they can access their space on both desktop and mobile devices. It's kind of like mailinator.com where you can create fake email addresses. The only thing is that if you use an existing name, you can read the content of that user. Maybe that's OK for your use case?

Aniketh Saha's photo

Give them a random token to remember (not long, 4 digits), and then this will be their identity. Store this in a cookie and give them the editing ability using this token.

Aniketh Saha's photo

I am a web developer with a special crush on blockchain technology and having affairs with node.js and react.js.

Actually it's not digits... it should be characters with numbers. Sorry, my mistake.