atulsri

Reputation: 33

How to check if request is coming from the same client browser?

I need to implement captcha functionality like in Gmail. If the user is requesting for the first time, no captcha image will be shown. But if the user is requesting to log in a second time (the user entered a wrong password the first time), I need to show the captcha.

Please let me know how to check if the request has come from the same user so that I can implement some business logic in my Spring classes.

Upvotes: 1

Views: 3760

Answers (4)

Maxim Kolesnikov

Reputation: 5135

Why are you trying to tie login attempts to a concrete user? If I'm a malefactor and I want to guess the password, I'll use a brute-forcer which can use proxies.

Each time I'll have a new IP, so your captcha will not work for me.

In my opinion the better solution is to store a counter of incorrect login attempts. Each time anybody inputs a wrong password for a particular login name, you increase the counter value for this login. If the password is correct, you set this value to 0. If the counter value is more than 0, you show your captcha.

Upvotes: 2
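
Added example, not part of the answer above or of any project's code: a minimal Java sketch of the per-login-name counter that answer describes. The class name `FailedLoginTracker`, the in-memory map, and the trimming and lower-casing of login names are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical helper (an assumption, not from the page): tracks failed logins per
// login name, so the count follows the account rather than the client's IP or cookie.
public class FailedLoginTracker {
    private final ConcurrentHashMap<String, AtomicInteger> failures = new ConcurrentHashMap<>();

    // Assumption: "Alice" and " alice " are the same login; a null name maps to one shared key.
    private static String key(String loginName) {
        return loginName == null ? "" : loginName.trim().toLowerCase(Locale.ROOT);
    }

    // Wrong password: increase the counter for this login name.
    public int recordFailure(String loginName) {
        return failures.computeIfAbsent(key(loginName), k -> new AtomicInteger()).incrementAndGet();
    }

    // Correct password: set the counter back to 0.
    public void recordSuccess(String loginName) {
        failures.remove(key(loginName));
    }

    // Counter above 0: the next login form for this name must carry a captcha.
    public boolean captchaRequired(String loginName) {
        AtomicInteger n = failures.get(key(loginName));
        return n != null && n.get() > 0;
    }

    // Constructed walk-through: two clients with no shared session use the same login name.
    public static void main(String[] args) {
        FailedLoginTracker tracker = new FailedLoginTracker();
        System.out.println(tracker.captchaRequired("alice"));  // first attempt for this login
        tracker.recordFailure("alice");                         // client A enters a wrong password
        System.out.println(tracker.captchaRequired("Alice "));  // client B, same login name
        tracker.recordSuccess("alice");                         // correct password resets the count
        System.out.println(tracker.captchaRequired("alice"));   // after the reset
        System.out.println(tracker.captchaRequired("bob"));     // a login that never failed
    }
}
```

The map here is in-memory and unbounded; a clustered or long-running deployment would need a shared store with expiry for the counters.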

UltraInstinct

Reputation: 44444

There are a couple of ways to do that:

  • When the page is first loaded, start a session (or send out a cookie). Use a count against the session/cookie. You can spit out a captcha once you find the cookie for the second time.
  • Use hidden form fields. Put a special name/value pair that you can identify on the second request and send a captcha across.
  • Use AJAX! This would involve using an XMLHttpRequest to submit your form; if invalid, you can show a captcha! This would probably give you more control, but at the expense of re-working a bit.

The last two bullets assume you want a captcha on wrong passwords rather than on a different request/page reload.

Every one of the above methods has its own pros and cons. You need to choose one, or a combination of more than one, according to your need.

Upvotes: 0

George

Reputation: 4109

Attach the counter to the HTTP session. You may be required to store the session on the server side, and in a distributed environment, you should sync the HTTP session across servers. You can also store that info in client-side cookies.

Upvotes: 1

AmitG

Reputation: 10543

On the server side (servlet), create an HttpSession:

HttpSession session = request.getSession();  // returns the current session, creating one if none exists

and keep a count of hits inside this session:

session.setAttribute("count", i);  // you can use the getAttribute() method to check the count.

Upvotes: 0
