Restrict URL Manipulation vs Using Links

[NICON]

I am trying to find a workaround for people using bookmarks and executing them simultaneously forcing a script to run thousands of times in just a second. Is there a way I can implement a token or a short bit of javascript that would force the user to use the link vs bookmarked URL pages?

Sorry if I am being vague here but its really causing me issues having people doing this on my site.

[requinix]

You cannot really control how people arrive at your page, no. A bookmark or clicking a link or typing it in the address bar are all essentially the same thing.

If you have a problem when a script runs that much then have you tried addressing that?

[NICON]

So the page I am referring to is dynamic. And its only dynamic by one integer. So ?ID=1 or ?ID=2 etc.... I've been to similar pages before where the developer of that site has forced people to use the links and has essentially broken all bookmarks using that dynamic URL. I am unsure how he did it but I know that it was done. I am wanting to do something similar but without copying exactly what he did.

Its not an issue of the script running its just an issue of this person is circumventing the process and creating an advantage over others by bookmarking these pages.

[requinix]

3 minutes ago, NICON said:

I am unsure how he did it but I know that it was done. I am wanting to do something similar but without copying exactly what he did.

No. No no no. Do not do that. It is pretty much always a bad idea to make it harder for people to browse your website.

 

3 minutes ago, NICON said:

Its not an issue of the script running its just an issue of this person is circumventing the process and creating an advantage over others by bookmarking these pages.

I don't know what this "advantage" is, but someone typing something into an address bar should not be sufficient to give it to them. If there are other pages that must be visited then you should enforce that with cookies or session data.

...which may be what you're thinking about. If you want people to hit page A before page B then you make sure that (1) page A sets some data, like a cookie or session variable, to indicate the page was visited, and (2) page B reacts in some appropriate way if that data is missing or invalid or expired or whatever.

[NICON]

I agree it this site was just a general site that an every day to day user would join then I would agree 100%. However this site requires the user to be logged in to see these pages. On this page are roughly 80 different links going to different places. The idea here is to allow the user plenty of freedom and access to other parts of the site simultaneously. But this one link is integral to the site. Many users are trying to access this same link. But this one specific user has an unfair advantage because his bookmarks allow them to use this link on several users pages. The link is intended to be used and not a mass tab execution through bookmarks.

[requinix]

Then either (a) what I said about cookies/sessions, or (b) the whole thing doesn't make sense. How could having a bookmark possibly give someone an unfair advantage? It's ridiculous.

If you don't want direct access to the page then what you want is to require indirect access through some particular flow. So what you do is enforce the flow.

[NICON]

As I stated before its not a single bookmark its opening hundreds of bookmarks at once is the issue. Allowing someone to click this link on 100's of pages at once is what is unfair. The flow is appropriate but allowing someone to click so many links with one click is the issue.

[requinix]

Oh wait, is this one of those things where someone bookmarks Javascript code?

Then it's sounding like you need throttling. Whatever is happening, don't allow it more than once every X seconds.

[NICON]

I am assuming that is what is being done. I of coarse dont have the end user code or what exactly they are bookmarking but its running 100's of pages at once.

I will dig into this throttling that you are speaking of and see how I can implement it into the code.

Thanks!