I posted a question last night, but unfortunately I was not specific enough vis a vis the situation I have found myself in. I have been given a homework assignment in which we are to create a ‘comments’ section for a blog. However, for the user to leave a comment, they must enter a captcha. Our task is to use cookies to track login attempts.
What I failed to explain properly in my original question is:
We must use cookies. This is an exercise aimed specifically at cookie implementation. It is not best practice, it is vulnerable. Our instructor has explained why we should not do this in a ‘real world’ situation, but he wants us to understand and demonstrate the use of cookies.
We need to allow the user as many chances as they wish to login. However, if they try five times within a 30 second window, they are locked out for three minutes.
Most folks mentioned that I should use session, which makes sense. However, it is not allowed.
At a high level, all you need to do is to store the timestamps instead of the “count”. Then on each request you can toss away timestamps older than 30 seconds and count the rest.
One user mentioned that all I need to do is store the timestamps instead of the ‘count’, and then toss away timestamps older than 30 seconds and count the rest. This makes sense, but how do you achieve this practically?
This is a homework question; I certainly don’t expect code. I am just looking for some clarity into the whole ‘cookie thing’. Should I store timestamps in an array? If so, how do you do this? If time exceeds 30 seconds, how do I delete them out of the array?
I think I am suffering from a bit of a lack of understanding of cookies in general. Any clarification would be greatly appreciated. I hope I have been succinct without wasting anyone’s valuable time. Thank you.
My suggestion would be that if you must use cookies, you can simply set individual cookies as flags for failed attempts with expire times of 30 seconds, and if all 4 failed attempt flags are present and they fail again, set another flag cookie that expires in 3 minutes and disallows any attempts while that flag is set.
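One way to implement the timestamp approach discussed in this thread, as an added example that is not code from any of the posters. The function names, the two cookie values, the `-` separator and the choice that the fifth attempt is still processed before the lock starts are all assumptions.

```python
import time

WINDOW = 30        # seconds over which attempts are counted
MAX_ATTEMPTS = 5   # attempts inside the window that trigger the lock
LOCKOUT = 180      # lock length in seconds (three minutes)
SEP = "-"          # "," and ";" are not valid inside a cookie value


def parse_attempts(cookie_value):
    """Turn '1000-1005-1010' into [1000, 1005, 1010].

    The cookie comes from the browser, so anything that is not an
    integer is skipped rather than trusted.
    """
    stamps = []
    for part in (cookie_value or "").split(SEP):
        try:
            stamps.append(int(part))
        except ValueError:
            continue
    return stamps


def register_attempt(attempts_cookie, lock_cookie, now=None):
    """Call once per attempt.

    Returns (allowed, new_attempts_cookie, new_lock_cookie). An empty
    string means "delete / do not set this cookie". The lock cookie
    stores the Unix time at which the lock ends.
    """
    now = int(time.time()) if now is None else now
    try:
        locked_until = int(lock_cookie or "0")
    except ValueError:
        locked_until = 0
    if now < locked_until:
        return False, attempts_cookie or "", lock_cookie

    # Toss timestamps older than the window (or in the future), then
    # add this attempt and count what is left.
    recent = [t for t in parse_attempts(attempts_cookie)
              if now - WINDOW < t <= now]
    recent.append(now)
    if len(recent) >= MAX_ATTEMPTS:
        return True, "", str(now + LOCKOUT)   # lock starts after this attempt
    return True, SEP.join(str(t) for t in recent), ""
```

The caller writes the returned values back as cookies, giving the attempts cookie a lifetime of 30 seconds and the lock cookie a lifetime of three minutes.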