How to protect yourself from too frequent ajax requests?

L

lissoff-12021-06-13 21:45:07

AJAX

lissoff-1, 2021-06-13 21:45:07

To update the data, I use setTimeout with an ajax request, which is executed once every 10 seconds to avoid heavy loads. But the cracker dug into the chrome console and found that the user himself can form and send multiple such requests with a very short interval. It seems to me that there is only one way out, you need to somehow check the frequency of incoming requests on the server side.

I've only thought of this so far:

if ($_SESSION['time'] + 10 > time()) exit(json_encode(array('limit')));
$_SESSION['time'] = time();

Tell me, is this a normal solution or is it better to do it somehow differently?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Daria Motorina, 2021-06-13
@glaphire

You can try ready-made libraries using the "rate limiter" key
https://packagist.org/?query=rate%20limiter
Upd. Another key is "throttling/request throttling"

A

Alexey, 2021-06-13
@Azperin

Server-Sent Events

R

rPman, 2021-06-13
@rPman

websocket
The server should report data updates to clients, this is the best solution both in terms of resources and the Internet and development.