5

I created a form with Html, CSS and JavaScript and an API with ASP.NET for the HTTP request. Users will have a link to fill in the form. Is there any browser id or IP which I can get so prevent the user to submit multiple times the form?

Disable the submit button is not an option The form has to be anonymous so a unique id for the users is also not an option

Panos
  • 53
  • 5
  • 1
    I think you cannot prevent this at the client-side no matter what you do as someone could simulate the request for example. Instead, it's better if you can find a way to handle this case at the server side somehow. – Juho Vepsäläinen Jul 28 '22 at 05:40
  • This needs to be taken care of at the backend side, Use some primary parameters (like email id). If data already exists with that primary key throw error and show the proper message to the user. – UniCoder Jul 28 '22 at 05:41
  • 1
    you could make a cookie. When they go back to the form the cookie can deny access to that page – Minimumspace Jul 28 '22 at 05:41
  • But i see that happening in some social experiment or election's poll that if you submit one you cannot have access from the same browser to form or poll. The form has to be anonymous so a unique id for the users is also not an option – Panos Jul 28 '22 at 05:46
  • @Minimumspace that can be useful, but what I have to save on the cookie so that I know that from this browser has already been submitted? – Panos Jul 28 '22 at 05:56
  • 1
    Cookie/webstorage would be my suggestion as well. You should look in to how to generate a GUID and store that in the cookie. – Teemu Eronen Jul 28 '22 at 06:00
  • Wait wait wait... "Is there any browser id or IP which I can get" then "The form has to be anonymous so a unique id for the users is also not an option" What's the difference between a unique id and a unique id?? – Salketer Jul 28 '22 at 08:42
  • unique id for user i understand it like a login or something like that or like sam has 0001, andrew has 00002, id of browser do not know who has this id – Panos Jul 28 '22 at 12:24

2 Answers2

0

you could make like a cookie in java script that doesn't expire. after that you could make a if else state and check for the cookie if it exists in the browser

value_or_null = (document.cookie.match(/^(?:.*;)?\s*MyCookie\s*=\s*([^;]+)(?:.*)?$/)||[,null])[1]
// Put your cookie name in in place of MyCookie.

if (value_or_null = 1)
{
   //redirect to other page
}
else
{
   // let him do the form 
}
Minimumspace
  • 341
  • 2
  • 21
0

There is no 100% safe way, as returning users could have cleared they cache or something. Also, tracking the IP could potentially work, but you ask for full anonymity...

If you want your server to have authority on this decision, the only information you will have or can use is the IP address. Even that would not be accurate if your users hop on different VPNs and stuff.

What I think could work is if the link for the users to access the form is unique for each user. You'd generate a UUID, that way it cannot be guessed if users want to answer more than one. That UUID would have no link to any user, it would just be stored in a list of VALID UUID and get removed when the user uses it to answer.

The link would provide the UUID through query param, the javascript would then add its value to the form when being sent.

If you do not link that UUID to a userId or if the email sent (or its content) is not stored, this would provide anonymity.

Salketer
  • 14,263
  • 2
  • 30
  • 58