I am creating an web application which allows user to post some article/blog on application. I want to allow users to edit the blog only uptil limited time of creating that blog. Like say just 15-20 minutes.
To provide this feature I am thinking of taking help of cookies. Whenever a new blog is created, I will create an expiring cookie on user’s computer. Whenever user tries to edit a blog, that corresponding cookie must be present and sent to the server, if no cookie present/expired then no edit allowed!
Is this a good way to implement this functionality? Are there any better alternatives to this ?
I do not want to make a read from the database to see what time blog was created and then allow him to edit or not.(My DB is not read optimized, it is write optimized) I know if the cookies are disabled then functionality could not be implemented with that user or if user changed the computer in between, but you can safely assume that I can live with those limitations. Any comments, feedback, criticism welcomed!
Cookies expirations can be manipulated easily. You would need to store this data on the server side in a session (persisted either with a file, memcache, or your database), or you can use the data attached to the blog post.
Your claim that your database engine is not read optimized is hogwash. If it’s not custom written, I assure you it can handle a query to check when a row was created (provided that is stored).