using PHP or with Javascript how can i create a timeout to prevent logins from being rapidly submitted?
I validate the log in form using PHP, connects with DB, and then returns true or false whether the log in is valid and such. On an invalid log in, I am thinking of setting a cookie for login-timeout that increments in N amount after M amounts of failed login attempts.
Would a cookie be the best way? What if the user does not enable cookies, much like i do? Sessions get unset at the beginning of the log in page, so I cannot set a trusted $_SESSION value, plus the user can just leave the site and come back.
Is a cookie the best way?