Hi everybody! :-) I have two actions: search/executeIndex and search/executeSearch.
And I have a search query $q generated by executeSearch that gives all search results. Normally you would simply give it to the pager and be happy! :-) BUT I want to add a search flood protection. I am trying to find the best practice for this use case:

1) A user sees a search form, fills it in and submits it.
2) I check if the user is flooding; if so, he's redirected and sees a message like 'you have to wait some time' - otherwise he sees the results page.

If I now add pagination to the results, I need to execute the search function on each page, and that would result in a redirection for the user and a message that he has to wait some time if he switches the page too fast... That's NOT what I want! I want the user to be able to switch pages in THIS current search result without waiting. Only if he queries a NEW search from the form do I want to check the flooding time.

If I use the user's session, like setting a var "is_new_search", I am afraid of someone who manually sets this var in his cookie to FALSE. Any ideas on how I could do that securely?

I thought about fetching all search results and saving them in the user's session. Then, if the search function finds those results in the session, the function simply paginates them. Otherwise a new query is generated and the flood time is checked. But that sounds very odd to me :-/ Any experience with that?
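One way to separate "new search" from "page switch" without a client-controlled flag, as an added example that is not part of the original post: the server fingerprints the submitted query and compares it with the one it stored itself. It assumes session data is kept server-side (as with PHP's default session handler, where the cookie carries only the session id); `search_gate`, `search_fingerprint` and the 30-second interval are hypothetical names and values.

```php
<?php
// Added example: decide server-side whether a request is a new search
// (flood check applies) or a page switch within the current search (no check).
// Assumption: $session is server-side session storage (e.g. $_SESSION); the
// browser holds only the session id, so it cannot edit these values.

const SEARCH_MIN_INTERVAL = 30; // seconds between two NEW searches (assumed value)

/** Fingerprint of a normalized query, so "Foo " and "foo" count as the same search. */
function search_fingerprint(string $query): string
{
    $normalized = preg_replace('/\s+/', ' ', trim(strtolower($query)));
    return hash('sha256', $normalized);
}

/**
 * Returns 'results' when the search may run, 'wait' when the user is flooding.
 * $now is injected so the function can be exercised without sleeping.
 */
function search_gate(array &$session, string $query, int $now): string
{
    $fp   = search_fingerprint($query);
    $last = $session['search'] ?? null; // ['fp' => string, 'at' => int]

    // Same query as the one already accepted: this is pagination, never throttled.
    if ($last !== null && hash_equals($last['fp'], $fp)) {
        return 'results';
    }
    // New query: enforce the minimum interval since the last accepted new search.
    if ($last !== null && ($now - $last['at']) < SEARCH_MIN_INTERVAL) {
        return 'wait';
    }
    // Accepted new search: remember it; a rejected one leaves the old state intact,
    // so the user can keep paging through the previous results.
    $session['search'] = ['fp' => $fp, 'at' => $now];
    return 'results';
}

// Constructed walk-through with a fake session array and fixed timestamps.
$session = [];
echo search_gate($session, 'symfony pager', 1000), "\n";  // first search
echo search_gate($session, 'Symfony  Pager', 1002), "\n"; // page 2 of the same search
echo search_gate($session, 'doctrine', 1005), "\n";       // new search inside the interval
echo search_gate($session, 'doctrine', 1031), "\n";       // new search after the interval
```

The throttle state lives in the session, so a client that discards its session cookie starts with empty state; covering that case needs a counter keyed on something the server controls, such as the client address, in a shared store.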