1) You can set a session variable or client variable to say
"ALREADY_SUBMITTED" and disable the form, or block submission if that
cookie is sent.

2) You can check for HTTP_REFERRER to make sure the form was submitted
from a page on your site...

Obviously someone can write a custom http client to get around both of
these, but would someone go through all the trouble to get discounts for
your site?  

dov

-----Original Message-----
From: Che Vilnonis [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 13, 2006 1:58 PM
To: CF-Talk
Subject: Re-Send: Preventing "Cou-pon" Generation Fraud.

I sent this before, but I did not even get a copy sent to myself. Perhaps
it was considered junkmail? Thus, the misspelling. See below.

----------

Preventing "Cou-pon" Generation Fraud.

I am developing an e-commerce site that presents customers with an
opportunity to send five dollar cou-pons to their friends after they
place an order. There's a form with up to 5 email addresses to send
these cou-pons to. I have all the necessary logic in place but I am
stumped by two things...

#1. How do I stop the customer from hitting the "back" button to
resubmit the form again? Namely, how do I stop the same set (or a
different set) of emails from receiving these cou-pons? I realize the
"back" button issue has come up in various incarnations before... what
was the consensus on how to best prevent it?

#2. How do I prevent the web form from being downloaded and submitted
from someone's desktop? Namely, what is the logic I should implement
that makes certain that the form comes from my web server before I
process?

Thanks in advance, Che
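
The two checks suggested in the reply above, sketched as a ColdFusion form handler. This is an added example, not code from either poster; the file names, the `form.orderId` field and the `session.couponsSent` struct are assumptions, and session management is assumed to be enabled for the application.

```cfml
<!--- sendcoupons.cfm (hypothetical name): handler for the coupon form --->
<cfparam name="form.orderId" default="">
<cfset allowed = false>

<!--- Check 2: the Referer must start with this site's own host.
      The header is supplied by the client, so this is only a coarse filter;
      the host is escaped and anchored so it cannot match inside another
      site's path or query string. --->
<cfset hostPattern = replace(cgi.server_name, ".", "\.", "all")>
<cfset refererOk = (reFindNoCase("^https?://" & hostPattern & "(:[0-9]+)?/", cgi.http_referer) GT 0)>

<!--- Check 1: an "already submitted" flag kept in the session, one per order.
      The test and the set happen under one exclusive lock so that two
      simultaneous posts (double click, back button plus resubmit) cannot
      both pass. --->
<cflock scope="session" type="exclusive" timeout="5">
    <cfif NOT structKeyExists(session, "couponsSent")>
        <cfset session.couponsSent = structNew()>
    </cfif>
    <cfif refererOk AND len(trim(form.orderId))
          AND NOT structKeyExists(session.couponsSent, form.orderId)>
        <cfset session.couponsSent[form.orderId] = now()>
        <cfset allowed = true>
    </cfif>
</cflock>

<cfif allowed>
    <!--- The site's existing logic for mailing up to 5 coupons runs here. --->
    <!--- Redirect afterwards so the back button returns to a GET page,
          not to a re-postable form result. --->
    <cflocation url="thanks.cfm" addtoken="false">
<cfelse>
    <cfoutput>Coupons for this order have already been sent, or the request did not come from the order page.</cfoutput>
</cfif>
```

The flag is keyed by order rather than being a single session-wide value, so a second order in the same session can still send its own coupons while a resubmission for the same order is refused.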



