I created a form with Html, CSS and JavaScript and an API with ASP.NET for the HTTP request. Users will have a link to fill in the form. Is there any browser id or IP which I can get so prevent the user to submit multiple times the form?

Disable the submit button is not an option The form has to be anonymous so a unique id for the users is also not an option

CodePudding user response：

you could make like a cookie in java script that doesn't expire. after that you could make a if else state and check for the cookie if it exists in the browser

value_or_null = (document.cookie.match(/^(?:.*;)?\s*MyCookie\s*=\s*([^;] )(?:.*)?$/)||[,null])[1]
// Put your cookie name in in place of MyCookie.

if (value_or_null = 1)
{
   //redirect to other page
}
else
{
   // let him do the form 
}

CodePudding user response：

There is no 100% safe way, as returning users could have cleared they cache or something. Also, tracking the IP could potentially work, but you ask for full anonymity...

If you want your server to have authority on this decision, the only information you will have or can use is the IP address. Even that would not be accurate if your users hop on different VPNs and stuff.

What I think could work is if the link for the users to access the form is unique for each user. You'd generate a UUID, that way it cannot be guessed if users want to answer more than one. That UUID would have no link to any user, it would just be stored in a list of VALID UUID and get removed when the user uses it to answer.

The link would provide the UUID through query param, the javascript would then add its value to the form when being sent.

If you do not link that UUID to a userId or if the email sent (or its content) is not stored, this would provide anonymity.