3 December 2013 at 1:16pm
(Last edited: 3 December 2013 4:21pm),
I have a Controller with 2 functions - PostForm() and doPost(), to show form and to handle POST action accordingly. In my form I want to add my own field, something like captcha. I store current time in session and add this value to the form as hidden field.
After posting the form I compare session and POST values. But in my case these values always different. After some logging I found that after posting the form, PostForm() called just before doPost() to obtain form fields, I guess, so my session value rewrited.
And my question - how can I avoid this behavior? To store session in some private place? or to add condition based on URL?
All advices are welcome!
4 December 2013 at 12:26pm
Thank you Devlin for you interest.
In my case security token is not enough just because is it not difficult to parse it by some spam engine. I want to disallow comments posted in 60 sec after page was loaded. so I store time in session and check it on form sibmittion. Hidden field here is not so necessary, just one more verification.
Let's say there is no hidden field, just session.