I have a URL that tracks clicks and I want to prevent users from sharing that URL.
So, the idea I had was to create a unique URL that has a string that’s some sort of encrypted timestamp (with a salt), and if the link was clicked within 5 minutes of that encrypted timestamp, then it would be valid.
Is there a better way to do this? If not, how would I decrypt it since the timestamp of when this was generated vs. when it was clicked would be different most of the time?
When the page is served, generate a timestamp converted to the time zone UTC. Encrypt it symmetrically (use AES-256 for example) and place it in the URL.
When a user asks to go to a URL with such an encrypted timestamp, decrypt it with the same key (EDIT: make the key a salted hash of the content in question, such that every differing content has a different, but always the same, key). If the timestamp is less than 5 minutes ago compared to the server’s timestamp converted to the time zone UTC, reject it, else accept it.
The user can’t trick you by entering a different encrypted timestamp, since they don’t know and can’t find out your key (even knowing what timestamp it would have been and the encryption algorithm does not give enough information to find out your key) and all the timestamp picking and comparing is done server-side.
EDIT: With the edit, they also can’t take a timestamp valid for one piece of content and attach it to a timestamp valid for another piece of content.
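
An added example, not part of the original answer: a minimal server-side check for the expiring link discussed above, accepting a link clicked within 5 minutes of issue as the question describes. It swaps AES encryption for an HMAC-SHA256 tag (the timestamp only has to be unforgeable, not secret) and derives a per-content key as in the EDIT; `SERVER_SECRET`, the function names and the token layout are assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

SERVER_SECRET = b"constructed-demo-secret"  # constructed sample value, never hard-code a real one
MAX_AGE_SECONDS = 5 * 60                    # validity window from the question


def content_key(content_id: str) -> bytes:
    """Per-content key: differs per content, but is always the same for one content."""
    return hmac.new(SERVER_SECRET, content_id.encode(), hashlib.sha256).digest()


def make_token(content_id: str, now: Optional[float] = None) -> str:
    """Return a URL-safe token: 8-byte issue time (epoch seconds, UTC) plus its MAC."""
    issued = int(time.time() if now is None else now)
    payload = struct.pack(">Q", issued)
    tag = hmac.new(content_key(content_id), payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).rstrip(b"=").decode()


def check_token(content_id: str, token: str, now: Optional[float] = None) -> bool:
    """True only for an untampered token issued for this content at most 5 minutes ago."""
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except (ValueError, TypeError):
        return False
    if len(raw) != 8 + 32:  # timestamp + SHA-256 tag
        return False
    payload, tag = raw[:8], raw[8:]
    expected = hmac.new(content_key(content_id), payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False
    current = int(time.time() if now is None else now)
    age = current - struct.unpack(">Q", payload)[0]
    # Reject tokens dated in the future as well as expired ones.
    return 0 <= age <= MAX_AGE_SECONDS
```

All timestamp picking and comparing stays on the server; the client only carries the opaque token in the URL.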