If you wanna keep the "contest mode" secure, storing anything critical about it in a cookie isn't going to protect you from users potentially tampering with the data. You should be storing this information in the database somewhere. I'd recommend a setup
like this:
You should setup a table like "UserPuzzleStatus" that would store the user, the puzzle, the time they started the puzzle and the time they completed it.
When the user loads a puzzle, you'd wanna do two things: a) Check if the user has already started that puzzle, if so just return it to them(including any progress if you save that on the server). b) Create a new row in UserPuzzleStatus that sets the user,
puzzle, and the start time(making sure to set this to the server's current time!).
When the user finishes the puzzle, you'd then update the puzzle status row to include the time it ended. If they've already finished it, then you shouldn't update at all or else you'd overwrite their original completion time.
The function triggers when user refreshes, and I use the unld() function to save latest puzzle state in the cookie, which is later examined by host side script. This is solving my refresh problem in that user can't revert to an earlier state. what's interesting,
is no when I click the Back button I get messge "Webpage has expired -- the website requires that you download it again. This accomplishes my objective, but I don't understand what is causing the "Webpage expired" state.
rossisdead2
Participant
1313 Points
300 Posts
Re: How to reject a refresh?
May 03, 2012 09:16 PM|LINK
If you wanna keep the "contest mode" secure, storing anything critical about it in a cookie isn't going to protect you from users potentially tampering with the data. You should be storing this information in the database somewhere. I'd recommend a setup like this:
uick383937
Member
81 Points
117 Posts
Re: How to reject a refresh?
May 04, 2012 12:15 AM|LINK
I just stumbled onto something interesting.
I added JavaScript to execute onunload like
<body onunload = "unld();">
The function triggers when user refreshes, and I use the unld() function to save latest puzzle state in the cookie, which is later examined by host side script. This is solving my refresh problem in that user can't revert to an earlier state. what's interesting, is no when I click the Back button I get messge "Webpage has expired -- the website requires that you download it again. This accomplishes my objective, but I don't understand what is causing the "Webpage expired" state.
Any info/insights would be appreciated.
Thanks.