0

I'm having a problem. I have a page with about 1,200 buttons, the website will not be a membership website, I just want to be able to keep track of each visitor to ensure that a button that they clicked on cannot be clicked by them again until 24 hours have expired.

I know i could use cookies, but thats too much for 1,200 buttons.

Here is what the buttons html are like:

<li><a href="http://google.com" class="btn_smallorange" id="button1">Button 1</a></li>

Do you have any suggestions -- I am open to almost any type of script, but know that this website was made with PHP?

Roger Williams
  • 159
  • 2
  • 7
  • 15
  • the only other way to accomplish that is to save the ip, but setting this data in a cookie is nothing, i advise: stay with the cookies – Soundz Aug 25 '12 at 21:48
  • I wanted to use cookies but there are just too many links, besides isn't there a limit on how many cookies any one website can set on a user's machine? – Roger Williams Aug 25 '12 at 21:52
  • 1
    You could just serialize the form and store everything in a single cookie if you want. – Christofer Eliasson Aug 25 '12 at 21:53

2 Answers2

3

Your choices for keeping track of a given browser with some sort of browser-identifying ID (so you might know who a given user is) are:

  1. Cookies
  2. Local Storage

Your choices for storing the state of the 1200 buttons are:

  1. Server-side storage of the state that is given to the web page by the server
  2. Cookies (probably have to collapse the data to one bit per button0
  3. Local storage

So, for example, you could combine storing a browser identifing value in a cookie with storing the actual button state in a server-side database. Then, when the page is rendered, you look up the button state in the database for the browserID that is in the cookie and you either disable or remove the relevant buttons from the rendered HTML page.

You could do all the storage in a cookie by collapsing the 1200 buttons state to one bit per button. Using A-Z and a-z and 0-9 and a couple of symbols, you could easily have 64 values per character which would allow you to store the on/off state for 32 buttons per character so the on/off state for 1200 buttons could be stored in 38 characters which easily fits in a cookie. If you had to store a time/date for each button too, then that won't fit into a cookie so you'd be left to server-side storage or local storage.

FYI, I hope you realize that any client-side scheme is very easy to get around. In fact, if you're just trying to prevent a user from going to the same URL more than once, all they have to do is bookmark the original URL and they can go there as often as they like without even visiting your web page. Or, they can just wipe cookies or local storage. Or, they can just go to a different browser.

The only real way to prevent multiple visits is to require user authentication and validate (on your web server) that a given logged-in user is allowed to visit any given page before rendering the page. So, if you want to do this robustly, then it has to all be done server-side and you will need some sort of site login.

jfriend00
  • 683,504
  • 96
  • 985
  • 979
  • Thanks for the response, all this would have been so much easier if I didn't have to disable the link for 24 hours. – Roger Williams Aug 25 '12 at 22:08
  • @RogerWilliams - what prevents the user from just using a different browser or bookmarking the original link? – jfriend00 Aug 25 '12 at 22:10
  • My focus is not so much on security, but making the site user-friendly, if the user refreshes or leaves the page I want the user to see what button they have clicked in the past 24 hours, so they can focus on the other links. – Roger Williams Aug 25 '12 at 22:14
  • @RogerWilliams - then I'd just suggest storing your state in local storage and use javascript upon page load to read that local storage and set the state of the buttons. – jfriend00 Aug 25 '12 at 22:15
  • I will look into that or possibly php session (array) – Roger Williams Aug 25 '12 at 22:17
1

If you want to avoid a proliferation of up to 1200 cookies on the visitor's browser, you need to look into "sessions". A session stores a single ID as a cookie on the visitor's browser, and then uses this as a key to a larger store of data on the server. As well as being much quicker, sending less data to the browser means less chance for the user to see and mess with it.

PHP's session support is documented at http://php.net/manual/en/intro.session.php

Incidentally, note that it's entirely trivial to by-pass any restriction which relies on the absence of a cookie or similar in this way - for instance you can switch to another browser, use the browser's "clear history" or "private browsing" modes, etc.

IMSoP
  • 89,526
  • 13
  • 117
  • 169