Prevent js alert() from pausing timers

Question

So I made some timers for a quiz. The thing is, I just realized when I put

javascript: alert(\"blah\");

in the address, the popup alert bo

Answer 1

The server session could be set to expire at say 1 hour. The javascript could be used as only a display tool for the user to know how much time is left. If he decides to cheat by pausing the timer, then he might be suprised when posting his test that his session has timed out.

Answer 2

Never, ever rely on javascript (or any other client-side time) to calculate elapsed times for operations done between postbacks, or different pages.

If you always compare server dates, it will be hard for people to cheat:

1. first page request, store the server time
2. ping with javascript calls each N seconds, compare the 2 server times, and return the elapsed (just for show)
3. when the user submits the form, compare the 2 server times, calculate the elapsed time, and discard the ones which took too long (ie: possible cheaters)