'How to encrypt user activity information in the browser so it can't be spoofed?

My users are performing some actions on my website like clicking buttons. I need to award prizes if a certain sequence of buttons has been clicked. For every action I store the action information.

When they are done the activity information is sent to the server. How can I ensure they didn't just send me that information manually, but actually performed all required actions on the page, e.g. didn't spoof it?

javascriptajaxdom-events


Solution 1:[1]

In addition to Mic's answer (+1, very correct) note that no matter how well you protect the JavaScript, someone can use a UI automation testing tool (e.g. Selenium) to script the clicking of buttons without any need to defeat your JavaScript.

Clicks are sent to the browser in a programmable manner and the browser has no idea they didn't come directly from user interaction.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Eric J.

Related Questions

React Router with optional path parameter

How to dynamically update google recaptcha sitekey?

How to dynamically update google recaptcha sitekey?

Remove duplicate in a string - javascript

Remove duplicate in a string - javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Find an element in DOM based on an attribute value

Redirecting html page with javascript

Find an element in DOM based on an attribute value

Find an element in DOM based on an attribute value

Redirecting html page with javascript

How to find x and y coordinates of a button while using keyboard navigation?

How to find x and y coordinates of a button while using keyboard navigation?