Comment by pabs3
1 day ago
Hmm, how do they know you have calculated the PoW without setting a cookie? Or do you have to calculate it on every page load?
1 day ago
Hmm, how do they know you have calculated the PoW without setting a cookie? Or do you have to calculate it on every page load?
Yes, I was wondering what is to stop you replaying the same PoW multiple times. All I can find is:
To prevent the vulnerability of “replay attacks,” where a client resubmits the same solution multiple times, the server should implement measures that invalidate previously solved challenges.
The server should maintain a registry of solved challenges and reject any submissions that attempt to reuse a challenge that has already been successfully solved.
This doesn't seem very scaleable? Or am I missing something?
yeah, I need more info to understand what's up.
Maybe it's only used on individual form submit (like the classic captcha use-case), and not on a page load, and it does have to be recalculated on every form submit?