I am creating a website using Ubuntu, Apache, and Django. Let me block people from completing and posting a specific form on my small site more often than once. I understand it's virtually impossible to bar a determined user from altering his Ip, removing his snacks, and so forth all I am searching for is one thing which will deter the sporadic user from re-posting.

It appears in my experience that obstructing multiple form distribution in the same Ip is the easiest method to achieve what I am searching for. However, I am unsure the way i must do this, and whether I ought to do this from Apache or from Django. Any tips?

Edit: I am searching to avoid intentional re-submission, not only unintended double submission. e.g. I've got a survey that I wish to discourage people from voting multiple occasions on.

Several whole nations are NAT'ed, plus some (most?) large multinational companies too, many with hundreds of 1000 customers each. Obstructing anything by IP is really a bad idea.

Get a cookie rather, that is just like it is going to get. You might result in the user login in, by which situation you'd determine if the shape was posted frequently for your login.

In case your primary problem is to avoid someone creates a script and instantly submit the shape many occasions, you might want to use CAPTCHA together with your form.

While there is nothing certified, I recommend something similar to this: Whenever a user loads the page together with your form on, a cookie is placed and the need for the cookie is appended having a fixed secret string and also the md5 worth of this really is written to some hidden area around the form. Make sure that a brand new value is produced every time the consumer access the shape.

Once the user submits the shape, you make sure that the cookie value and form value match, the cookie the consumer was handed is not accustomed to submit the shape before which the referrer id match the Link to the shape. Optionally you make certain that there's been no tries to publish from that IP within the last 2 minutes (fast enough it wont matter to many people, but slow enough to decelerate bots).

To repair this the consumer needs to create a script that loads the page, keep snacks and submit the right values. This is a lot more difficult than when the user could just submit the shape.

Added According to edit: I'd block the customers within the Django framework. This enables you to definitely present a far greater error message towards the user and also you only block them from that form.

The next techniques are easy, both to implement and also to hack around. Anybody with Firebug along with a little understanding will not even blink.

The next Javascript uses Mootools, and that i haven't checked so that it is free of bugs. I realize that JQ syntax is nearly identical, and raw JS is comparable enough, therefore the point ought to be obvious.

1) When the form has been posted via AJAX, you should check before posting (sorry if I am just stating the apparent).

var sent = 0;
$('myForm').addEvent('submit', function(){
    if(!sent) this.send(); 

This is actually simple, and remarkably effective until they reload the page.

2) Give a javascript cookie. Again, with Mootools:

$('myForm').addEvent('submit', function(){ 
     if(Cookie.read('submitted')){ alert('once only'); return false;}
     else{ Cookie.write('submitted', 1); return true; }

This works even when the consumer reloads the page.

3) Give a Python session cookie. I'm not acquainted with Python, but when it is just like php, this can don't have any edge on method 2. Either in situation, the consumer can remove the cookie with FireCookie or WebDeveloper Plugin (or their equiv's on other browsers) and reload the page.

4) Give a Expensive cookie (use Flex). This really is ideal - Expensive snacks are saved inside a different location, aren't apparent, and therefore are tough to remove. The only real bad thing is you need to create and embed a small swf.

5) Store something inside a hidden area, and appearance for that value. A hash can be included to the interior links to insure the value remains completed even when the page is sailed from.

6) Other games could be performed incrementing a URL (or perhaps a custom URL using htaccess) for every customer.

An swf cookie is the greatest idea of the aforementioned, though it may be combined with others. Best of luck.