HTML/Javascript enforcing time limit on webpage.
September 8, 2005 8:24 AM   Subscribe

HTML/Javascript enforcing time limit on webpage.

I need to enforce a time limit on how long a webpage can be viewed. The time is to be displayed prominently (i.e.) not in the status bar and also be visible at all times, whether or not the page has been scrolled down, maybe somehow fixed in one corner or another.

The time format should be minutes and seconds and ideally would count up or down. I know very little about browsers other than IE and would appreciate known implications for particular browsers of suggested solutions. It would also be good to know how tamper proof the timer would/would not be. I have found plenty of javascripts that will give me a count down for the status bar, but I would like something more visible without using an applet or anything that might cause a delay in loading the page.

I hope this question doesnt seem too lazy. I dont have the expertise or knowledge of cross browser compatability or javascript/alternatives and have not been able to find a suitable solutions. Thanks in advance.
posted by kenaman to Computers & Internet (14 answers total)
If I understand the question, you would like to be able to control for how long someone can view a webpage after loading it in their browser.

You can certainly do this in Javascript, by using window.setTimeout() and location.replace().

Displaying a countdown timer can be easily done using window.setInterval() combined with simple DHTML to change the display.

This is, however, no way to make it tamper-proof without using an applet or ActiveX control. Once it's been downloaded to the user's computer, which it has to be for them to see it at all, you've lost most control over it. All the user need do is disable Javascript in their browser, and that page will stay there as long as they want it to. They can also view the source and copy it to a new file, or save the page using their browser. You can't stop them from doing these things, and it's pointless to try.
posted by cerebus19 at 8:39 AM on September 8, 2005

If you're relying on JavaScript for this mechanism, anyone can then turn it off, or modify it so that the timelimit is whatever they want. This renders it ineffective.

However, I have seen some JavaScript clocks that do what you want, allowing you to put a timer into your page. They don't work terribly well on all browsers as some of them rely on the innerHtml property, which is an IE thing mainly. You can specify that after x seconds from the page being launched, the page is changed to something else. Or you could just use the setTimeout function to do the redirect:

// Define a function to go to a different page
function goElsewhere ( ) {

// Call this function in 30000 microseconds (30 seconds)
self.setTimeout('goElsewhere()', 30000)

And I'm fairly sure that hacking a reasonable javascript clock to count 30 seconds should be a simple matter. I suspect that you might want to use the status bar for the clock display, using the window.status method to display the time.
posted by gaby at 8:40 AM on September 8, 2005

I don't see how a server side solution would be any more secure. All a person has to do is hit the "stop" button as soon as the page starts to change.

They can also cop+paste the text out, or take a screenshot, as well as disabling javascript.
posted by delmoi at 8:52 AM on September 8, 2005

Response by poster: If you're wanting to use this time limit for anything even slightly serious (like test-taking or measurement) is in fact for test-taking and is quite serious. The javascript solutions as you all point out are quick but are far less reliable than I realised. I like odins suggestion of a server side solution which would be tamper-proof. I would still need the display, but it would really just be for display purposes.

Now that the tamperosity have been dealt with anone got any ideas of how to display the timer prominently?
posted by kenaman at 8:54 AM on September 8, 2005

Response by poster: All a person has to do is hit the "stop" button as soon as the page starts to change - delmoi

odins suggestion was that the time the page is submitted would be checked against the time the page was loaded. This would be in the database and so I cant see what they would have to gain by hitting stop as their answers would only be recorded if the submit was within the alotted time. The time is 10 minutes btw..
posted by kenaman at 8:58 AM on September 8, 2005

I don't see how a server side solution would be any more secure. All a person has to do is hit the "stop" button as soon as the page starts to change.

They can also cop+paste the text out, or take a screenshot, as well as disabling javascript.
posted by delmoi at 8:52 AM PST on September 8 [!]

The server serves the page at 10:00 and receives the submitted page at 10:10, for example. No amount of client side tomfoolery can change that.
posted by jikel_morten at 9:39 AM on September 8, 2005

You can embed a META refresh tag in a small iframe, with refresh timing set to one second. This is supported all the way back to HTML 1.0.

Then you have a server-side ticket managed by PHP or any other scripting langage that manages whether the user is authorized to access the page or not.

If yes, then the first iframe loads the protected html code in a second iframe. If no, the user is dumped to a login page.
posted by Rothko at 10:15 AM on September 8, 2005

If it's tamper proof, then you should certainly look at a server side implementation. I would suggest presenting the questions one by one, and the server keeps track of how long the person has been answering questions for. When they've spent enough time answering questions, end the test. For example:

1. Test-taker logs in with their unique username and password.
2. Test begins. Server notes time that test was started and displays question 1.
3. Each time a question is answered, the server checks to see how long has passed since this person started the test. If there's time left, it displays the next question.
4. When there are no more questions, or there is no more time left, the test ends.

Things to note:

- Only let each person start the test one, or they may be able to run through the entire test quickly, note down the questions and re-take it later on witih a perfect score.

- Each person should have a unique login, so they can be identified as such. This allows you to track who has taken the test, and when.

- Let the server remember who has taken the test, and the times, results, etc. If you use cookies or JavaScript, this leaves information on the client machines, which could be modified or removed, allowing the person to take the test again.
posted by gaby at 10:17 AM on September 8, 2005

Server-side solutions will be somewhat at the mercy of network conditions. E.g., someone on the same LAN as the server will get several extra seconds, at least, of actual test-taking time over someone on crappy rural dialup. Assuming all test-takers are on the same unimpaired LAN, though, it shouldn't be a significant problem.
posted by bricoleur at 11:57 AM on September 8, 2005

Hmm... What would happen if your computer crashed, or something?
posted by delmoi at 12:02 PM on September 8, 2005

delmoi: If your computer crashed, you provide evidence of this to the person running the course who lets you take the course again, at their discretion. You then start at the last question you answered, with however much time left that you had left when you answered that question.

bricoleur: If you made the pages slender enough (very basic HTML, little/no graphics, just the question) then they would load very quickly, even over a slow link.
posted by gaby at 1:01 PM on September 8, 2005

If your computer crashed, you provide evidence of this to the person running the course.

I'm curious: what might this evidence be? What evidence would be acceptable? In the interest of fairness, I hope you plan to instruct your test-takers on how to collect this evidence.
posted by Rash at 2:22 PM on September 8, 2005

Having been recently in this situation...

...we resorted to this thing called a "proctor".

We also did this on a local Intranet (one browser--guess which one (ptui!)--options locked down so you can't disable Javascript--no network lag time--alongside a lot of the server-side suggestions above).

In addition to many good suggestions and caveats above, you could set up a system where the test does not display unless the proctor enters a username/password to start with.
posted by gimonca at 6:27 PM on September 8, 2005

Response by poster: Guys thank you so much for all the help. There is some great stuff in this thread an I am now confident of the server side solution, I don't want to say too much about the details of the project but it is serious and the time available for the test is a vital important factor in the validity of the test results.
In the event of a connection dropping or a test not being completed a person will not be allowed to resit a test without contacting an administrator and getting the assessment reissued.

Again thank you all so much for your time and thoughts. It amazes me the care and attention that goes into peoples answers. Cheers Ken
posted by kenaman at 2:54 AM on September 9, 2005

« Older Are you my cousin?   |   What poses or scenes work best for family... Newer »
This thread is closed to new comments.