0

I am facing a issue when a user holds F5 for 10-15 minutes the web page becomes unresponsive and finally IIS throws an error.

To manage this, I want to restrict the user from pressing F5(lock F5 event) after certain number of times. After some time interval say 5 minutes I want to enable the refresh functionality(unlock F5 event).

I am using a cookie to save the number of times user presses F5. To handle cookie I am using the code mentioned here.

Assign a event to check if F5 keypress.

$(document).on("keydown", tryingF5);

I am using a variable to hold the cookie value and incrementing it once user presses F5.

var numberOfF5Click = 1;
var thresholdClick = 10;
var numberOfF5Click = 1;
function tryingF5(e) {
        if ((e.which || e.keyCode) == 116) {
            //alert(numberOfF5Click);
            if (numberOfF5Click > thresholdClick) {
                e.preventDefault();
                alert("Multiple refresh has been prevented for some time!!");
            }

            numberOfF5Click = numberOfF5Click + 1;
            docCookies.setItem("NumberOfF5Click", numberOfF5Click);

            //alert("F5 Clicked =" + numberOfF5Click);
        };
    };

The complete code is setup here : JSBin

Question: The code is not working as expected, something is n and How could I do it better ?

Community
  • 1
  • 1
Gun.IO
  • 173
  • 1
  • 1
  • 9
  • 1
    heh heh... is this for real? ;) is it not acceptable for a website to break if a user is willing to spend 15 minutes refreshing the page? – bvaughn Mar 19 '15 at 16:20
  • Did you try to find out what is the thing that could crash your web page ? –  Mar 19 '15 at 16:21
  • Can you use sessions? If you can, use one session var to count how many refreshes have been done, then on your firsts lines of code: if (counter > limit) die();. The user can do F5, but the server will not spend time on him. – Carlos M. Meyer Mar 19 '15 at 16:26
  • brianvaughn and @chikamtsu : You have very valid suggestions. I have spent 1 day to analyze the problem. The changes will take a week time for optimization and I am asked to do this kind of dirty fix. Sometimes higher management looks into only revenue and not understand the real problem. – Gun.IO Mar 19 '15 at 16:26
  • Well, that's a user's trivial attempt at DOS, assuming this isn't a hypothetial question. js is the wrong solution, disable js -> nothing changes. What you should be doing is rate limiting, or using fail2ban or similar. – AD7six Mar 19 '15 at 16:52

1 Answers1

0

Try this:

var everyXMinutes = 5 * 1000; // 5 seconds
var maxPerEveryXMinutes = 5; // 5 times per x seconds.

document.onkeydown = function (e) {
    if (e.keyCode === 116) {
        if (!localStorage.refreshments) {
            localStorage.refreshments = JSON.stringify([]);
        }
        var refreshments = JSON.parse(localStorage.refreshments);
        var date = new Date();
        if (date.getTime() - refreshments[refreshments.length - 1] >= everyXMinutes) {
            refreshments = [];
        } else if (refreshments.length >= maxPerEveryXMinutes) {
            alert("You must wait " + ((everyXMinutes - (date.getTime() - refreshments[refreshments.length - 1])) / 1000) + "s in order to be able to use the refresh function.");
            return false;
        }            
        refreshments.push(date.getTime());
        localStorage.refreshments = JSON.stringify(refreshments);
    }
};