I’m working on a web app which must measure the time user needs to do something. I can’t simply use javascript time object, because the user may change system time to cheat and fool the app. I’d need some way to prevent this.
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m working on a web app which must measure the time user needs to do something. I can’t simply use javascript time object, because the user may change system time to cheat and fool the app. I’d need some way to prevent this.
I would make the web app send heartbeats or any other form of signals back to the server side. Then you can construct some metrics like
duration = end - startAccounting for the round trip client-server communication, this isn’t suitable for ms resolution measurements, obviously.
Note : It’s not a good idea to just read the time from a “trusted” web service into your client side app, you can’t really guarantee the app wouldn’t temper with it. (One of cardinal rules in client side dealings, is to not trust its input, e.g. for validation, you still need server-side validation on top). However if you just send signals to the server, log its timestamp using the server’s clock, you are a lot safer.