Part II of Re: On-Rev Web Form Dropping Data

Bob Sneidar bobs at twft.com
Thu Dec 2 18:12:11 EST 2010 

Hi Gregory. This will not do. Virtually every home router and many industrial ones use some form of NAT routing so you would be excluding all students who are behind such a router from interacting simultaneously with your web site. Rather, develop a method for uniquely identifying each connection using information that must be unique. Usually a user name and password will suffice. 

Now if security is an issue, you may want to develop a third bit of information to challenge anyone logging in for the first time (because the cookie does not yet exist) like a couple of questions/answers that the user sets up when they first create the account. Obviously, do not store the questions and answers in the cookie! 

Once you create the cookie, you don't need to ask again, so long as you find the cookie at login time. but suppose the user clears out his/her cookies? Well you need to challenge them again to make sure they really are who they say they are. 

That should be good enough, and this will allow users to connect from virtually anywhere, like their iPad, laptop, computer at work etc. and still get their own account. 

Bob


On Dec 2, 2010, at 2:41 PM, Gregory Lypny wrote:

> Hi Everyone,
> 
> Yesterday I posted a long question (sorry about that) concerning data lost from a web form submitted through my On-Rev site, where two students appear to have submitted quiz answers from the same IP address at virtually the same time.  Bob Sneidar replied asking whether I had accounted for the possibility that more than one person could sign on to my site from the same IP, and I had said that I have not prohibited that.
> 
> Well, I have since spoken to the students who submitted blank quizzes, and it turns out that they live together, share a wireless network, and each has her own computer.  This probably means that they have their router set to share a single IP address or some such thing.  I guess what I should do is revise by sign-in script to disallow multiple sign-ins from the same IP.
> 
> Regards,
> 
> Gregory
> 
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list