FAANG | Competitive programming questions | Learning library

Notify users that the site will not work correctly without cookies enabled. Create the timestamp cookie when they enter the sign-up or sign-on page if it doesn't exist.. If a user requests to sign-in or sign-up and your cookie doesn't exist upon trying to read their timestamp, we know that they have cookies disabled or that it could be a malicious user.. If it exists obviously you'd compare the timestamps and update their cookie timestamp after the request logic has ran. Now if it doesn't exist tell them to enable cookies or the website won't work. This would prevent malicious use and kick IP Addresses out of the equation. If malicious users are truly a problem/concern for you the only way around the IP Address problem is with cookies, or with much more complicated logic than you currently have that attempts to identify malicious intent(could shoot yourself in the foot if it takes action against a false positive though I wouldn't recommend this route). Make sure you take steps to secure your cookie as well.

If you don't want to go the cookie route, you can run logic over client data to try and identify users with things like timezone, fonts installed, screen resolution etc.

A lot of websites require the use of cookies for full website functionality these days anyway; probably for this reason as well.

You can set up a simple key value pair database on your server. When a user requests, take things like timezone, fonts installed, screen resolution etc, and change all that data into a string without spaces, then turn it into a strong hash(a hash that would change if just one character in the string was different). The resulting hash would be the key used to identify the user. The value associated with said key would be their unique timestamp that represents the last time they accessed the server. Additionally make sure you are pulling the width and height of the actual screen, not the browser viewport.. otherwise they could resize the screen to make themself seem like a unique user if they were able to even figure out how the server identifies you. Obviously if the hash is different upon client request it's relatively safe to assume it's a new user.

With this method you wouldn't even need to use cookies. Additionally there are also loads of JS libraries that give more comprehensive client data, I suggest you check those out to build stronger unique hashes for a stronger identification of the client. To make it even better place the key value pair database on a proxy server and allow the request to the server if the conditions are met that are processed on the proxy server. Additionally you can use a service like Cloudflare to place in front of your proxy in case someone tries to DDoS the proxy server. If that happens you can get a new IP for the proxy and change it to the new IP on your DNS.

You can use matplotlib's subplots function to do this. Here is an example with a synthetic dataset:

Dictionary keys must be hashable objects.

In order for an object to be hashable, it should be an instance of a class that implements __eq__ and __hash__ methods.

Objects of list type are not hashable.

Side note: hashable does not mean immutable in python

You can use tuple instead of list: