All geek questions in one place

Using a session to limit application time

I spent more than 2 hours cleaning the network trying to figure it out. I am trying to stop the transfer of multiple forms faster than 60 seconds. Here is what I use.

session_start(); if (!isset($_SESSION['last_submit'])) $_SESSION['last_submit'] = time(); if (time()-$_SESSION['last_submit'] < 60) die('Post limit exceeded. Please wait at least 60 seconds'); else $_SESION['last_submit'] = time();

I found this bit here on the site, but couldn't figure out anything else as far as it could work. I have this bit of code on my page at the beginning that executes a DB query with the POST results of the previous pages. Do I need to set $last_submit to a specific value? Any help is appreciated.

+6
source share
2 answers

You have two problems. Firstly, the first time you set the value of the time() session, so the first attempt will always lead to exceeding the limit. The second problem is that you have a typo in $_SESION .

Try:

 session_start(); if (isset($_SESSION['last_submit']) && time()-$_SESSION['last_submit'] < 60) die('Post limit exceeded. Please wait at least 60 seconds'); else $_SESSION['last_submit'] = time();

It should also be noted that this is not reliable, as users may refuse cookies or delete a session cookie to bypass the validation.

+6
source

Last statement:

$_SESION['last_submit'] = time();

it should be:

$_SESSION['last_submit'] = time();

You forgot s ...

Also this piece of code will die, meaning that the die statement will be executed.

Alternative:

 if (time() - ( isset($_SESSION['last_submit'])?$_SESSION['last_submit']:0 )< 60) die('Post limit exceeded. Please wait at least 60 seconds'); // update the session $_SESSION['last_submit'] = time();
+2
source

Source: https://habr.com/ru/post/927326/

More articles:


All Articles