can I use Session avoid Flood/Spam ? ( spam in form ). I only need avoid use can repeat action as 3,4 action /s .
Asked
Active
Viewed 1,226 times
1
-
Spam as in spams in emails? I can hardly see any relationship between PHP Session and that :) – Michael Mao Sep 23 '10 at 06:40
-
Can you elaborate more on what you are trying to do? – GWW Sep 23 '10 at 06:40
-
Why not just use a Captcha system? – RobertPitt Sep 23 '10 at 06:55
-
i dont want use Captcha , it feel annoy – meotimdihia Sep 23 '10 at 06:56
-
there are ways other than captcha. but it require deep understanding of technology. but still sessions has nothing to do here – Your Common Sense Sep 23 '10 at 07:54
2 Answers
2
No, you can't use session mechanism to avoid flood.
Because you can't force a client to keep a session.
You can use session to support CAPTCHA test though.
Your Common Sense
- 156,878
- 40
- 214
- 345
0
You could track an IP+UserAgent on the server over a short duration, but you couldn't depend on tracking a cookie (as a user agent like cURL could just disregard saving it) unless a valid cookie matching a session was required to interact with your site.
If the IPs or UserAgents spamming your site/app were constantly changing then there's no sense in even storing them on the server to simulate a cookie. You'd want to create a CAPTCHA to gate whatever is being spammed.
We'd need more information to be any less general. ;)
Jeff Standen
- 6,670
- 1
- 17
- 18
-
user use cURL can void SEssion on server ? or there has any ways avoid SEssion on server – meotimdihia Sep 23 '10 at 06:55
-
Storing a cookie is something the user agent (e.g. browser) has to do consensually. The request to store a cookie is simply another HTTP Header, and anything (including cURL) can simply ignore it. If sessions require cookies then anything can avoid a session if you want it to. – Jeff Standen Sep 23 '10 at 07:11