: How Do I Prevent Users from Accessing a Page More Then Once? Hi I have a URL say for example http://www.xyz.com/form1.html. Now i need to hide this URL since I dont want people to keep coming
Hi
I have a URL say for example www.xyz.com/form1.html. Now i need to hide this URL since I dont want people to keep coming back to this URL and using it. What I mean is I need this URL to be usable only once per visit.
On this URL a form resides which sends out an email after submission to get an attachment. After a user is directed to this URL that is after his payment from paypal so I need that user to use that URL just once. Next time when next user comes he should see the same form but that URL should be masked or should expire in terms of validity sort of. The Main URL remains same but it should expire or get masked and if some copy pastes that masked URL it should work.
How can I make this happen?
More posts by @Speyer207
1 Comments
Sorted by latest first Latest Oldest Best
You need to have that page require a token to work. If that token is missing the page will not load (or takes the user to an error message). If a token is present it is matched against a database of tokens to see if it is valid and not expired or used. If it is expired or already used show the error message. If it is valid then allow them to complete the form and download the file. Then update the database to reflect it as being used and no longer is valid.
For example:
You send the user to Paypal to make payment. Before you do you create a unique token for them and place it in your database.
The user gets redirected to the form after making payment at Paypal. The URL they are sent to will resemble something like this: www.xyz.com/form1.php?token=anc4wqfnpq4qp3y. form1.php is the form and anc4wqfnpq4qp3y is the unique token for that user's one visit.
When that page loads it will check the database to see if that token:
is present
is no expired
has not been used
If it is invalid you can show them an error message. If it is valid then they can complete the form normally.
Once they complete the form and get the contents you deliver you need to update your database to mark that token as invalid.
To make it even more secure you can match the token and the user's ID to make sure both match but that's up to you.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.