I don't have access to run server-side code, so I can't do a PHP session for a registration form. I am going with a client cookie to ensure only one registration per person (per unique e-mail).

Following "How do I set/unset cookie with jQuery?", I thought I got the hang of it.

But it seems, even if I put in a new e-mail, it will always return `alert("You've already registered");`. Why is that?

        $("#submitBtn").click(function (event) {
            var subject = "Registration for Walk-a-thon",
                name = document.getElementById("name").value,
                email = document.getElementById("email").value,
                message = document.getElementById("message").value;     

            if (!$.cookie('client_email_cookie')) {                             
                $.cookie("client_email_cookie", email, { path: '/', expires : 10});
                log("Cookie: " + $.cookie("client_email_cookie"));
                var link = "mailto:Jun.Ma2@otis.com; Allison.Rocca@utc.com"
                         + "?cc=daniel.turcotte@carrier.utc.com"
                         + "&subject=" + escape(subject)
                         + "&body=" + escape(message)
                ;
                window.location.href = link;                    
            }
            else {
                alert("You've already registered");
            }
        });
user3871
  • _“I am going with a client cookie to ensure only one registration per person (per unique e-mail)”_ – where is the connection in that? I can use the same email address on multiple clients, and they each get one cookie each … so _nothing_ “ensured” at all. (Apart from the fact that it does not take the most tech-savvy users any more these days to figure out to delete cookies when a site says, _“nah you did that already.”_) – CBroe May 02 '14 at 17:36
  • @CBroe I know. See my comment below. Maybe it'd be better to check by IP? – user3871 May 02 '14 at 17:37
  • I'd just go with doing it the way you are, using cookies. From what you describe, it looks like preventing people from defeating the check isn't really an issue anyway. – ElGavilan May 02 '14 at 17:38
  • @ElGavilan Well I'd much prefer to use a server and CAPTCHA, sessions, etc... but I can't. – user3871 May 02 '14 at 17:39

1 Answer

`if (!$.cookie('client_email_cookie'))` only checks to see if the cookie exists; it doesn't check its value.

`$.cookie('client_email_cookie')` returns the value of the cookie (in your case email). Compare that value to the email that was entered to see if it has been registered.

Also, not to state the obvious, but this can be easily defeated anyway by the user simply deleting the cookie if they so desire, registering from a different browser or computer, using private browsing, etc...

ElGavilan
  • Yeah, it's an internal registration form for my company for a volunteer event, so I don't think people will try to defeat the check. It's just a simple reminder to people if they may try to accidentally re-register – user3871 May 02 '14 at 17:34
  • okay changed to `if ($.cookie('client_email_cookie') !== email) { $.cookie("client_email_cookie", email, { path: '/', expires : 10});` – user3871 May 02 '14 at 17:36
  • Would using the client IP be better for the cookie? – user3871 May 02 '14 at 17:39
  • @Growler You would still need server side code (or to be able to async load a server side page from another site) to do that. Using the entered email address is the simpler option. – ElGavilan May 02 '14 at 17:42
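
The value comparison the answer describes, as an added example that is not part of the original posts: plain functions with no jQuery, so the check can be run outside a browser by passing in a `document.cookie`-style string. The function names and `example.org` addresses are assumptions; the example also goes slightly beyond the posted code by normalizing case and whitespace before comparing and by using `encodeURIComponent` in place of the deprecated `escape()`.

```javascript
// Added example (not from the original posts). In a page, pass document.cookie
// as cookieString and assign registrationCookie(...) to document.cookie.
const COOKIE_NAME = "client_email_cookie"; // cookie name used in the question

// Treat "Ann@Example.org " and "ann@example.org" as the same registration.
function normalizeEmail(email) {
  return String(email).trim().toLowerCase();
}

// Return the decoded value of one cookie from a "a=1; b=2" string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue; // exact name match only
    try {
      return decodeURIComponent(part.slice(eq + 1).trim());
    } catch (e) {
      return null; // malformed percent-encoding: treat the cookie as absent
    }
  }
  return null;
}

// True only when the stored value matches the address being submitted,
// instead of merely testing that the cookie exists.
function alreadyRegistered(cookieString, email) {
  const stored = readCookie(cookieString, COOKIE_NAME);
  return stored !== null && normalizeEmail(stored) === normalizeEmail(email);
}

// Cookie string to set after a submit; `days` mirrors the question's expires: 10.
function registrationCookie(email, days, now = new Date()) {
  const expires = new Date(now.getTime() + days * 864e5).toUTCString();
  return COOKIE_NAME + "=" + encodeURIComponent(normalizeEmail(email)) +
         "; path=/; expires=" + expires;
}

// mailto link with subject and body percent-encoded.
function mailtoLink(to, subject, body) {
  return "mailto:" + to + "?subject=" + encodeURIComponent(subject) +
         "&body=" + encodeURIComponent(body);
}
```
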