enzis
10-22-2011, 12:24 PM
Hello. I'm in need of ideas and advice for approaching an issue. I always prefer to come to the bluehost forums for help, as you guys are always friendly and incredibly smart :). Any thoughts would be much appreciated. I'm sure this is a known thing that someone who knows what they're doing has already figured out.
So I'm developing a game where you guess 10 flags then save your high-score (if you get one.) The issue is I've currently got the users score saved in a javascript variable, which is incremented and sent to the server at the end of the game. Of course, all javascript can be changed by the user, so I need to figure out a good way to check for this server side or save it server side. Preventing cheating at least to some extent can be a big deal as we are considering giving away prizes monthly and/or yearly.
Two quick notes of priority, in no specific order:
* Security - Of course, we do want to prevent cheating/hacking, so long as it's reasonable to implement
* Efficiency - We have an alright server, but would prefer not to bog it down. Perhaps there's some good balance between having some level of security, and not going nuts for all the extreme cases.
I figure I'm suppose to have a separate mySql table just for saving individual game sessions, but am having difficulty planning it out, as I've never worked with constantly an individual session before (in fact, I have zero experience with html sessions, if that is what I need to use.) A thought I had was setting up the table so that it has the answers for the individuals randomized game, and every time he/she answers a question, the table updates to include the next guess. This much shouldn't matter too much how I design it.
The main issue is figuring out how to create unique game sessions for each person in the table. Do I generate a random number? If so, I'd have to check for duplicate session numbers in the table. Would that be too much overhead with a large number of simultaneous players? And if I do make it a random number, say from 1 to 1000, that will limit the total possible sessions to 1000, and I'm kinda hoping to remove limits from this game from a long-term point of view. There is also the problem that the user could change his/her session number before sending it to the server. Is this something I should be concerned about?
I also thought of just using an auto-increment number in the mySql database for use as session numbers, but that might make cheating too easy -> the user could just open two games, then decrement his session number from the second game to make it the first game only on correct answers (and of course, it gives the ability to mess with other peoples games as well.)
My last thought was to somehow use html sessions. I've never used them before, but from what I understand, it provides a unique ID to the browser. I've also heard that html sessions can be messed with, so I'm not even sure its worth the effort to go that route either.
Lastly, I'm wondering how to deal with removing old data from the sessions table. I figured I should at least save a timestamp on each session, so I could remove old sessions whenever, but am wondering when to remove old sessions. Obviously, if a user starts a game and leaves mid-game, I can't rely on the user to call a function to remove the session. So perhaps I need a Unix script on the server that constantly remove's old data every hour or so? Or perhaps every day? Not sure how often would be too much or too little.
Anyways, any input would be much appreciated.
So I'm developing a game where you guess 10 flags then save your high-score (if you get one.) The issue is I've currently got the users score saved in a javascript variable, which is incremented and sent to the server at the end of the game. Of course, all javascript can be changed by the user, so I need to figure out a good way to check for this server side or save it server side. Preventing cheating at least to some extent can be a big deal as we are considering giving away prizes monthly and/or yearly.
Two quick notes of priority, in no specific order:
* Security - Of course, we do want to prevent cheating/hacking, so long as it's reasonable to implement
* Efficiency - We have an alright server, but would prefer not to bog it down. Perhaps there's some good balance between having some level of security, and not going nuts for all the extreme cases.
I figure I'm suppose to have a separate mySql table just for saving individual game sessions, but am having difficulty planning it out, as I've never worked with constantly an individual session before (in fact, I have zero experience with html sessions, if that is what I need to use.) A thought I had was setting up the table so that it has the answers for the individuals randomized game, and every time he/she answers a question, the table updates to include the next guess. This much shouldn't matter too much how I design it.
The main issue is figuring out how to create unique game sessions for each person in the table. Do I generate a random number? If so, I'd have to check for duplicate session numbers in the table. Would that be too much overhead with a large number of simultaneous players? And if I do make it a random number, say from 1 to 1000, that will limit the total possible sessions to 1000, and I'm kinda hoping to remove limits from this game from a long-term point of view. There is also the problem that the user could change his/her session number before sending it to the server. Is this something I should be concerned about?
I also thought of just using an auto-increment number in the mySql database for use as session numbers, but that might make cheating too easy -> the user could just open two games, then decrement his session number from the second game to make it the first game only on correct answers (and of course, it gives the ability to mess with other peoples games as well.)
My last thought was to somehow use html sessions. I've never used them before, but from what I understand, it provides a unique ID to the browser. I've also heard that html sessions can be messed with, so I'm not even sure its worth the effort to go that route either.
Lastly, I'm wondering how to deal with removing old data from the sessions table. I figured I should at least save a timestamp on each session, so I could remove old sessions whenever, but am wondering when to remove old sessions. Obviously, if a user starts a game and leaves mid-game, I can't rely on the user to call a function to remove the session. So perhaps I need a Unix script on the server that constantly remove's old data every hour or so? Or perhaps every day? Not sure how often would be too much or too little.
Anyways, any input would be much appreciated.