Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How can I determine, if client browser supports sessions?
I’m working on a anti-flood script – I want to limit the operations on the script to 5 seconds for each operation, and I want to store the unix time using the client sessions, but first I’d have to check if they’re enabled. Is that possible to do that?
I’m assuming you’re trying to limit the script from running more than once every 5 seconds per client.
Http is a stateless protocol, and PHP relies on a cookie value (or parameter value) to initialize the session on the server side. Knowing this, using sessions alone is not enough to stop users from flooding your script more than once every 5 seconds. The user client could simple not send the cookie or session ID parameter in the request, and you would have to treat it like a new session.
You will have to use other methods of identifying user sessions. Using the requesting IP address is a good start, but may not work very well for you (especially since many users can have the same public facing IP).