I have a script that counts the number of clicks done on a specific part of a map. Every 10 seconds through Ajax I send these numbers to a php page that insert them in a database.
Every 10 seconds a specific cell of the map can be clicked only one time.
The problem is that if the client modifies the script reducing the number of seconds of the ajax request, he can potentially do an infinite number of clicks.
So i need to pass to the .php a secret variable that CANNOT BE MODIFIED by the client, and from .php checking if someone with the same secret variable has done in less than 10 seconds an insert. Is this possible, considering the fact that session id and cookie can be potentially modified by the client??