can I use Session avoid Flood/Spam ? ( spam in form ). I only need avoid use can repeat action as 3,4 action /s .
A:
No, you can't use session mechanism to avoid flood.
Because you can't force a client to keep a session.
You can use session to support CAPTCHA test though.
Col. Shrapnel
2010-09-23 06:41:31
A:
You could track an IP+UserAgent on the server over a short duration, but you couldn't depend on tracking a cookie (as a user agent like cURL could just disregard saving it) unless a valid cookie matching a session was required to interact with your site.
If the IPs or UserAgents spamming your site/app were constantly changing then there's no sense in even storing them on the server to simulate a cookie. You'd want to create a CAPTCHA to gate whatever is being spammed.
We'd need more information to be any less general. ;)
Jeff Standen
2010-09-23 06:53:10
user use cURL can void SEssion on server ? or there has any ways avoid SEssion on server
meotimdihia
2010-09-23 06:55:19
Storing a cookie is something the user agent (e.g. browser) has to do consensually. The request to store a cookie is simply another HTTP Header, and anything (including cURL) can simply ignore it. If sessions require cookies then anything can avoid a session if you want it to.
Jeff Standen
2010-09-23 07:11:58