Securing forms

**nuthead** · 07-11-2003 01:49 PM

I'm wanting to know if its possible to stop people clicking "back" and re-submitting a form which is uded to update an account after payment. It's easy to just click back and hit refresh which would credit the users account again for free! Not many people will think of this but it's possible and could end up costing me a fortune!

**AdamBrill** · 07-11-2003 07:15 PM

You could either log the IP or set a cookie. Either way would work, so it is up to you.

**nuthead** · 07-15-2003 01:01 AM

OOO cookies, thats a good idea!

**AdamGundry** · 07-15-2003 03:48 AM

Unless the user rejects the cookie, which is quite possible - in Mozilla, it takes 2 clicks to block cookies from a site.

Adam

**nuthead** · 07-15-2003 03:53 AM

good point, any other ideas?

**AdamGundry** · 07-15-2003 04:04 AM

You could perhaps give them a code after paying (perhaps a MD5 hash of a random number) which is stored in a database table/file of allowed codes until they use it once, then it is deleted. You could pass the code in a hidden form field.

Adam

**nuthead** · 07-15-2003 04:09 AM

at the moment they get a code which is posted from a 3rd party, verified and then redirected back to my account update page. I could log the code in a file and check it every time a code is entered but that would involve a ton more coding and as I can only use flat files after a while the script would just time out! Cookies are working for now, my users can just get over it :P

Thread: Securing forms

Thread Tools

Display

Securing forms

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions