Generated Aug-14 13:43:07 GMT

You are not logged in.

Name: Password:

Or: Recover Account (Forgotten Password) / Register new user / Re-send validation email / Main Page

ADVERTISEMENT

Website Discussion, Bug Reports and Abuse Reports

Stale html forms can cause the wrong card to be played

This thread is open.

Posted by Bass This user is a supporter of the site. 2011-04-03 08:08:30 GMT


The html form for gameaction.php refers to cards by their position in the players hand. This is dangerous, because it requires that the server and the browser have the same opinion of the order at any given time. If ever there is a discrepancy (eg. the user opens the game in two tabs, plays the first move in one tab and the second one in another), then a wrong card is very likely be played.

The same effect can also be produced by having a bad connection, the server accepting the input, the redirect getting stuck, and the user hitting the back button to get back to the game form, which then fails to reload. This scenario is actually not at all unlikely on smartphone browsers.

There seems to be two ways to remove this possibility. One could always refer to the cards by a unique id, so that the card selection is always unambiguous.

A more general way would be to add a "checksum" number (does not need to be an actual checksum, a number from a sequence would do fine) that represents the state of all things that have to be synchronized between the server and the browser. Whenever the server changes any of these things, the checksum is also changed. The server would then print the checksum to the form in a hidden field, so than when the form is submitted, the server can check whether the form data is stale or not.

Posted by Hammerite This user is an administrator. 2011-04-17 23:04:43 GMT


Whoops, I didn't see this.

a new, better board interface will be coming! Eventually...

You must log on in order to post messages.

Click here to return to the Board Page, or here to return to the Main Page.