aspose file tools*
The moose likes Servlets and the fly likes Using Cookies to Prevent Multiple Sends Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Using Cookies to Prevent Multiple Sends" Watch "Using Cookies to Prevent Multiple Sends" New topic
Author

Using Cookies to Prevent Multiple Sends

Mike Spenser
Greenhorn

Joined: Jun 13, 2006
Posts: 21
I've got a polling system that sets a cookie on vote and then if the user votes twice it shouldn't record the vote again. I dont' see the problem with my code (below). Especially since it is setting things correctly as my JSP checks for an attempt to vote again and tells the user "Sorry you can only vote once" yet it still records it twice. I'm thinking it may have something to do with the view.forward but I'm not sure.



and then my JSP results page:


[ August 08, 2006: Message edited by: Mike Spenser ]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60041
    
  65

Before diving into your cookie problem, you do realize that cookies, being a client-side mechanism, are not a very secure way to do what you are trying to do?

A temp cookie can be removed simpley by closing and re-opening the browser, and disk cookies are easily removed either through browser controls or by removing the cookie file from the disk.

If you want a more secure way of preventing voting fraud, you'll need a server-side solution.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18110
    
    8

This code:is executed unconditionally every time the servlet runs. And you're right, it's something to do with the view.forward. After you execute that, control carries right on to the code that stores the vote.
Mike Spenser
Greenhorn

Joined: Jun 13, 2006
Posts: 21
@Bear
Yes I realize that. However its just a poll. The two easiest to implement solutions would've been to either use cookies or use IP addresses. With IP addresses you are erring on the side of not allowing a vote, such as if someone from within a private network votes thus preventing anyone else from within that network from voting as I'm recording their public IP. While with a cookie you err on the side of letting them vote, because they may just have cookies blocked in which case the code never errors or they may clear them, or whatever. But for a poll it really doesn't matter. I still record their IPs just in case there is a case of abuse. And besides any system, client or server-side can be gotten around if the user really wants to. So if they want to invest the time and effort to make 2 votes go ahead.
------------------------------------------------------
is executed unconditionally every time the servlet runs. And you're right, it's something to do with the view.forward. After you execute that, control carries right on to the code that stores the vote.[/qb]<hr></blockquote>

How do I get around that? Or better phrased: How do I shortcircuit out after the view.forward call like I'm trying to do?
[ August 09, 2006: Message edited by: Mike Spenser ]
Arvind Sampath
Ranch Hand

Joined: May 11, 2005
Posts: 144
How do I get around that? Or better phrased: How do I shortcircuit out after the view.forward call like I'm trying to do?


How about a 'return;' statement inside the if loop after the view.forward() ?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Using Cookies to Prevent Multiple Sends
 
Similar Threads
JSp with Cookies HFSJ pg 386
404 Error
Passing data to and from a jsp page
strange cookie behaviour
Compiling result.jsp (page 89 HFSJ)