Hi,

I have a simple form that dumps selected answers to an XML file. How can I prevent an anonymous user from submitting this form many times?

I am not looking for a totally bulletproof solution, and I have a limitation that I cannot use the database, and therefore no SqlMembershipProvider.

Will some cookie checking work? How do I do this right?

Thank you in advance.

Update: To be more precise, I do not only mean some accidental submitting of the form, but also preventing a user who visited the site a week ago from submitting this form again.

A: 

Use the session variables to keep track of what your user is doing.

ck
+1  A: 

In short, you can't do it totally reliably. If you're not bothered about something bulletproof, as you say, you could either:

a) Persist a cookie to the client machine and check for it next time someone posts. Obviously the user can delete cookies, so not brilliant.

b) Store the IP address it was submitted from. The problem with this is that you'll prevent multiple users behind the same IP (e.g. a proxy) from submitting, and the same user could post from different locations.

Neither is particularly good and if it's possible I'd recommend asking them to input an email address at the start, store the post as non-confirmed, email a confirmation link out and only make the post official if they click on it. Again, not bullet proof as it doesn't stop people posting with multiple email accounts but it's a little better than the options above.

HTH

Dan Kennedy
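
One way to implement the email-confirmation flow suggested in the answer above without a database, as an added example that is not part of the original thread. It assumes C# on .NET with an in-memory `XElement` that the caller saves to the XML file; the `SubmissionGate` class, its methods, and the element and attribute names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Xml.Linq;

// Hypothetical helper: class, element and attribute names are assumptions, not from the thread.
public class SubmissionGate
{
    private readonly byte[] key;   // server-side secret, e.g. loaded from protected configuration
    private readonly XElement root = new XElement("submissions");   // persist with root.Save(path)
    public SubmissionGate(byte[] secretKey) { key = secretKey; }

    private string Sign(string id, string email)
    {
        using (var h = new HMACSHA256(key))
            return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes(id + "|" + email)))
                .Replace('+', '-').Replace('/', '_').TrimEnd('=');   // URL-safe for the emailed link
    }
    // Stores the post as unconfirmed; returns the token to email, or null if the address is already confirmed.
    public string Submit(string email, string answers)
    {
        email = email.Trim().ToLowerInvariant();
        lock (root)
        {
            var same = root.Elements("post").Where(p => (string)p.Attribute("email") == email).ToList();
            if (same.Any(p => (bool)p.Attribute("confirmed"))) return null;
            same.ForEach(p => p.Remove());   // an unconfirmed attempt never blocks the address
            string id = Guid.NewGuid().ToString("N");
            root.Add(new XElement("post", new XAttribute("id", id), new XAttribute("email", email),
                new XAttribute("confirmed", false), answers));
            return id + "." + Sign(id, email);
        }
    }
    // Called from the confirmation link: the post becomes official only if the signature matches.
    public bool Confirm(string token)
    {
        string[] parts = (token ?? "").Split('.');
        lock (root)
        {
            XElement post = root.Elements("post").FirstOrDefault(p => (string)p.Attribute("id") == parts[0]);
            if (post == null || parts.Length != 2) return false;
            string want = Sign(parts[0], (string)post.Attribute("email"));
            int diff = want.Length ^ parts[1].Length;   // compare without an early exit
            for (int i = 0; i < want.Length && i < parts[1].Length; i++) diff |= want[i] ^ parts[1][i];
            if (diff == 0) post.SetAttributeValue("confirmed", true);
            return diff == 0;
        }
    }
}
```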