时间检查：服务器端还是客户端端？

Question

I'm developing a quiz like application.
This application tracks how much time does the user takes to answer every single question.

Should I count time server side or client side?

I came up with this pros/cons:

Server Side:
pros: user cannot "cheat"
cons: user latency can heavily impact

Client Side:
pros: time tracking is more precise
cons: a semi-expert user can use some javascript to "cheat"

By desing, changing the logic behind (ie: calculating an average time per answer) would break the purpouse of the application.

Latency can be an issue, since a variation of 5-10 seconds can change the user's final score (multiply it for an average of 50 answers); this application can run on smartphone and tablet, so high I'm expecting high network latency.

I think this can be a general html5/javascript developing problem, but for who's asking, I'm using node.js as server.

Answer 1

If the quiz application is not sensitive then just use the client side's time.

If it is very time sensitive, I would use both the server and client side's time.

If the client side's time is less than that of the server by a large amount of time (say 5 seconds), then it is safe to assume the client was cheating.

---

Also, I should warn you that if the answer to the questions are constant, it is quite easy to create a script which will auto-fill the values.

Eg. document.getElementById("QuestionOne").value="TheCorrectAnswer";void(0) ;

Answer 2

您可以使用客户端时间，并将其与服务器端时间进行比较，即同时使用两者。它不需要太多代码，但是很安全。