Session does not work if Cookies are disabled

10 November 2011 at 7:15am Last edited: 10 November 2011 8:31am
Hello all,
I coded a little counter (an internal i-like).
To prevent users from liking 100 times in a row, I check with the Session class of SilverStripe if that page was already liked:

    public function countUp(){
        if(Session::get('liked-' . $this->ID) == false){
            Session::set('liked-' . $this->ID, 'true');
            $this->Counter = $this->Counter+1;
            $this->writeToStage('Stage');
            $this->publish("Stage", "Live");
        }
    }

That blocking works so far, but users who disable their cookies can like an unlimited number of times.
I do not understand why SilverStripe Session relies on cookies to work.
florian
-
Re: Session does not work if Cookies are disabled

10 November 2011 at 9:35am
Checking the session is a really short-term solution anyway, since the session only lasts for as long as the browser window is open. Just closing it and opening the browser again will give you a new session and you can vote again. Generally, session through cookies is the norm since session through GET variables is considered insecure AFAIK.
Cookies are really your only option if you want to make a long-term check, unless you want to log IP addresses, but since some people have dynamic IPs that doesn't really work either.
-
Re: Session does not work if Cookies are disabled

10 November 2011 at 11:35pm
hey smurkas,
thank you for your answer.
so that really means silverstripe session does only work with cookies enabled right?
maybe i could write all the IPs that voted to the database and block them for a few minutes.
cheers,
florian
-
Re: Session does not work if Cookies are disabled

11 November 2011 at 3:00am Last edited: 11 November 2011 3:37am
> so that really means silverstripe session does only work with cookies enabled right?

http://php.net/manual/en/session.configuration.php

> maybe i could write all the IPs that voted to the database and block them for a few minutes.

Please consider that a lot of people share one IP address, that there are easily changeable dynamic IPs, proxies, etc.
-
Re: Session does not work if Cookies are disabled

11 November 2011 at 4:35am Last edited: 11 November 2011 4:38am
hey devlin,
I just coded the IP block for re-votes via IP tracking in the database. I just block IPs that are younger than 10 minutes. That is combined with the session check and a cookie.
It's not a big problem if someone finds a way to vote twice by changing IP or disabling cookies. I just want to prevent someone clicking 20 times in 2 seconds.
I would do that to check if it's a proper counter.
Here is my final code:

    public function countUp(){
        if(!isset($_COOKIE['liked-' . $this->ID]) && Session::get('liked-' . $this->ID) == false){
            Session::set('liked-' . $this->ID, 'true');
            setcookie('liked-'.$this->ID, time(), time()+3600*24*365, '/');
            if($this->checkIpVoted()==false){
                $vote = new ILikeVote();
                $vote->Timestamp = time();
                $vote->VotedPageID = $this->ID;
                $vote->IP = $_SERVER['REMOTE_ADDR'];
                $vote->write(); //write to d
                //increment the counter of the page
                $this->Counter = $this->Counter+1;
                $this->writeToStage('Stage');
                $this->publish("Stage", "Live");
            }
        }
    }

    private function checkIpVoted(){
        $ret = false;
        $time = time();
        $timeLimit = $time - 600;
        $vote = DataObject::get_one(
            $obj = "ILikeVote",
            $filter = "IP = '{$_SERVER["REMOTE_ADDR"]}' AND VotedPageID = {$this->ID} AND Timestamp > {$timeLimit}"
        );
        if($vote){
            $ret = true;
        }
        //get old votes and delete them
        $oldVotes = DataObject::get(
            $obj = "ILikeVote",
            $filter = "IP = '{$_SERVER["REMOTE_ADDR"]}' AND VotedPageID = {$this->ID} AND Timestamp < {$timeLimit}"
        );
        if($oldVotes){ //delete old votes of that ip (older than 10min)
            foreach($oldVotes as $vote){
                $vote->delete();
            }
        }
        return $ret;
    }
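
An added example, not code from this thread or from SilverStripe: the same 10-minute per-IP block written so that the check and the write are a single statement, because a lookup followed by a separate write can let several parallel clicks all pass the lookup before any vote row exists. It uses plain PDO with in-memory SQLite (3.24+ for the upsert) and bound parameters; the table, column and function names, the addresses and the timestamps are constructed for illustration.

```php
<?php
// Added example: plain PDO + in-memory SQLite, not SilverStripe code; all names are hypothetical.
const WINDOW_SECONDS = 600; // the 10-minute block used in the thread

function openVoteStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // One row per (ip, page): the primary key lets the database decide
    // which of several simultaneous requests gets to count.
    $db->exec('CREATE TABLE ilike_vote (
        ip TEXT NOT NULL, page_id INTEGER NOT NULL, ts INTEGER NOT NULL,
        PRIMARY KEY (ip, page_id))');
    $db->exec('CREATE TABLE page (id INTEGER PRIMARY KEY, counter INTEGER NOT NULL)');
    return $db;
}

// Returns true if the like was counted, false if this IP is still blocked.
function countUp(PDO $db, int $pageId, string $ip, int $now): bool {
    $db->beginTransaction();
    try {
        // Values are bound, never interpolated into the SQL text. The row is
        // inserted, or refreshed only when the stored vote has expired.
        $claim = $db->prepare('INSERT INTO ilike_vote (ip, page_id, ts)
            VALUES (:ip, :page, :now)
            ON CONFLICT (ip, page_id) DO UPDATE SET ts = excluded.ts
            WHERE ilike_vote.ts <= :cutoff');
        $claim->execute([':ip' => $ip, ':page' => $pageId, ':now' => $now,
                         ':cutoff' => $now - WINDOW_SECONDS]);
        $counted = $claim->rowCount() === 1;
        if ($counted) {
            // Increment inside SQL so no request writes a stale "old + 1".
            $db->prepare('UPDATE page SET counter = counter + 1 WHERE id = ?')->execute([$pageId]);
        }
        $db->commit();
        return $counted;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed sample run: documentation-range addresses, fixed timestamps.
$db = openVoteStore();
$db->exec('INSERT INTO page (id, counter) VALUES (7, 0)');
$t = 1320900000;
foreach ([['203.0.113.5', 0], ['203.0.113.5', 2], ['198.51.100.9', 2], ['203.0.113.5', 600]] as [$ip, $dt]) {
    printf("%s +%ds counted=%s\n", $ip, $dt, var_export(countUp($db, 7, $ip, $t + $dt), true));
}
echo 'counter=', $db->query('SELECT counter FROM page WHERE id = 7')->fetchColumn(), "\n";
```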