Last week, we had the author of TDD for a Shopping Website LiveProject. Friday at 11am Ranch time, Steven Solomon will be hosting a live TDD session just for us. See for the agenda and registration link
There is a page which does not need any sign in to get accessed. That means, one can directly hit the URL and see that page. When that page is loaded it loads a video and using Ajax makes a request to the server, to increment the view count of the video. Again, if somebody uses something like "firebug", he can see the URL for the request.
The problem is any body can use a load test tool, to mimic the request and increase the video view count, without actually viewing it.
Is there a way to make sure that the request comes from inside a Browser and not some tool ? Or, how do you suggest to solve this?
Thanks Eric ! I think so too. By the way, is there a way in AJAX to set some request attribute (not parameters, which can be mimicked) value, before calling the server URL ? If yes, then the server code can find it and increment the count.