  • spierala
    Community Member
    80 Posts

    Session does not work if Cookies are disabled

    Hello all,
    I coded a little counter (an internal i-like).
    To prevent users from liking 100 times in a row, I check with the Session class of SilverStripe whether that page was already liked:

    public function countUp(){
       if(Session::get('liked-' . $this->ID) == false){
          Session::set('liked-' . $this->ID, 'true');
          $this->Counter = $this->Counter+1;
          $this->writeToStage('Stage');
          $this->publish("Stage", "Live");
       }
    }

    That blocking works so far, but users who disable their cookies can like an unlimited number of times.
    I do not understand why the SilverStripe Session relies on cookies to work.
    florian

  • MarcusDalgren
    Community Member
    288 Posts

    Re: Session does not work if Cookies are disabled

    Checking the session is a really short-term solution anyway, since the session only lasts for as long as the browser window is open. Just closing it and opening the browser again will give you a new session and you can vote again. Generally, session through cookies is the norm since session through GET variables is considered insecure AFAIK.

    Cookies are really your only option if you want to make a long-term check, unless you want to log IP addresses, but since some people have dynamic IPs that doesn't really work either.

  • spierala
    Community Member
    80 Posts

    Re: Session does not work if Cookies are disabled

    Hey smurkas,
    thank you for your answer.
    So that really means the SilverStripe session only works with cookies enabled, right?

    Maybe I could write all the IPs that voted to the database and block them for a few minutes.

    cheers,
    florian

  • Devlin
    Community Member
    215 Posts

    Re: Session does not work if Cookies are disabled

    "So that really means the SilverStripe session only works with cookies enabled, right?"

    http://php.net/manual/en/session.configuration.php

    "Maybe I could write all the IPs that voted to the database and block them for a few minutes."

    Please consider that a lot of people share one IP address, that there are easily changeable dynamic IPs, proxies, etc.

  • spierala
    Community Member
    80 Posts

    Re: Session does not work if Cookies are disabled

    Hey devlin,
    I just coded the IP block for re-votes via IP tracking in the database. I just block IPs that are younger than 10 minutes. That is combined with the session check and a cookie.
    It's not a big problem if someone finds a way to vote twice by changing IP or disabling cookies.

    I just want to prevent someone clicking 20 times in 2 seconds.
    I would do that to check if it's a proper counter.

    Here is my final code:

    public function countUp(){
       //only count if neither the cookie nor the session marks this page as liked
       if(!isset($_COOKIE['liked-' . $this->ID]) && Session::get('liked-' . $this->ID) == false){
          Session::set('liked-' . $this->ID, 'true');
          setcookie('liked-'.$this->ID, time(), time()+3600*24*365, '/');
          if($this->checkIpVoted()==false){
             $vote = new ILikeVote();
             $vote->Timestamp = time();
             $vote->VotedPageID = $this->ID;
             $vote->IP = $_SERVER['REMOTE_ADDR'];
             $vote->write(); //write the vote to the database
             //increment the counter of the page
             $this->Counter = $this->Counter+1;
             $this->writeToStage('Stage');
             $this->publish("Stage", "Live");
          }
       }
    }

    private function checkIpVoted(){
       $ret = false;
       $timeLimit = time() - 600; //votes newer than this (10min) still block
       //escape or cast every value that goes into the SQL filter
       $ip = Convert::raw2sql($_SERVER['REMOTE_ADDR']);
       $pageID = (int)$this->ID;
       $vote = DataObject::get_one(
          "ILikeVote",
          "IP = '{$ip}' AND VotedPageID = {$pageID} AND Timestamp > {$timeLimit}"
       );
       if($vote){
          $ret = true;
       }
       //get old votes and delete them
       $oldVotes = DataObject::get(
          "ILikeVote",
          "IP = '{$ip}' AND VotedPageID = {$pageID} AND Timestamp < {$timeLimit}"
       );
       if($oldVotes){ //delete old votes of that ip (older than 10min)
          foreach($oldVotes as $oldVote){
             $oldVote->delete();
          }
       }
       return $ret;
    }
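
As an added example that is not part of the thread and is not SilverStripe code: the same 10-minute per-IP throttle written against plain PDO with an in-memory SQLite database. It binds every value as a parameter instead of building a filter string, and uses a primary key plus an in-SQL increment so that concurrent requests ("20 clicks in 2 seconds") cannot all pass a check-then-write. The table and function names (`pages`, `like_votes`, `tryLike`) are hypothetical.

```php
<?php
// Added example: names (pages, like_votes, tryLike) are hypothetical, not SilverStripe API.
const LIKE_WINDOW = 600; // seconds; the same 10-minute block as in the thread

function setupSchema(PDO $db): void {
    $db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, counter INTEGER NOT NULL DEFAULT 0)');
    // The primary key makes "one live vote per page and IP" a database guarantee.
    $db->exec('CREATE TABLE like_votes (
        page_id INTEGER NOT NULL, ip TEXT NOT NULL, voted_at INTEGER NOT NULL,
        PRIMARY KEY (page_id, ip))');
}

// Returns true if the like was counted, false if this IP is still blocked.
function tryLike(PDO $db, int $pageId, string $ip, int $now): bool {
    $db->beginTransaction();
    try {
        // Expire votes older than the window (the thread's "delete old votes").
        $db->prepare('DELETE FROM like_votes WHERE voted_at <= ?')
           ->execute([$now - LIKE_WINDOW]);
        // Check and insert in one statement: a duplicate key is ignored, not raced.
        $ins = $db->prepare('INSERT OR IGNORE INTO like_votes (page_id, ip, voted_at) VALUES (?, ?, ?)');
        $ins->execute([$pageId, $ip, $now]);
        $counted = $ins->rowCount() === 1;
        if ($counted) {
            // Increment in SQL so concurrent requests cannot lose an update.
            $db->prepare('UPDATE pages SET counter = counter + 1 WHERE id = ?')
               ->execute([$pageId]);
        }
        $db->commit();
        return $counted;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo data: in-memory database, documentation IP address.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
setupSchema($db);
$db->exec('INSERT INTO pages (id) VALUES (1)');
$t = 1700000000;
var_dump(tryLike($db, 1, '203.0.113.7', $t));        // first click
var_dump(tryLike($db, 1, '203.0.113.7', $t + 1));    // repeat inside the window
var_dump(tryLike($db, 1, '203.0.113.7', $t + 601));  // after the window has expired
```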
