tl;dr : How do I prevent the client from accessing the Session variable?
Long version: I am creating a “Question of the Day” web app and I want to allow anonymous users to answer the question and then provide a “Login/Create An Account to Save Your Answer” dialogue.
However, I do not want the user to be able to guess an answer, close the tab, and keep guessing until he/she gets the right answer then logs in/ creates an account and has a perfect score every time.
So I am looking for a way to store a persistent
hasAnswered boolean on the client side. Or perhaps is they a way to store the IP addresses of devices that have answered each question on the server-side?
I tried using the u2622:persistent-session package, but that still allows the user to change Session key-value pairs through the console.
Thank you for reading and helping. =)