verifying client has javascript enabled - server side solution

[Carter Smith]

http://www.icarusindie.com/wiki/index.php/Server-Side_Javascript_Check

Sample source included

This method requires that your pages are PHP enabled and you have mySQL.
Although I suppose you could also use PHP sessions (not cookies as they're
client editable). You could actually use any server side scripting language
such as Perl or ASP and any database like MS SQL Server. I prefer PHP and
MySQL.

The short version is you have a default image displayed and then use
javascript to replace the default image with a script reference. The
browser will then load that script which counts the javascript hit. The hit
to the page is always counted. You then simply check that the javascript
hit count and the page hit counts are the same.

You will need to give the user a "free" visit or do an automatic redirect on
the first hit. If the JS count and the page hit counts don't match, JS is
disabled and you can display an error message to the user instead of the
content.

This can also be used for verifying that visitors are seeing your ads. You
simply devise a script that is called which displays the ad which also
counts the ad view. Ad views and hit counts then must match or the user is
blocked from seeing the content.

If javascript views are greater than page hits, then that's okay too since
it just means the main page is cached but the image is not.

If you can think of any circumstances under which this technique for
detecting javascript being enabled would fail, let me know.

And no, this is not being used on my own site...yet. Ad revenue from Google
AdSense is currently covering costs nicely so there's no reason to go after
people who block ads which results in cost to me with no chance of a return.

As a visitor, I have the right to object to your ads. As a site owner I
have a right to refuse service if you don't allow the ads to even display.
It's fair. I recognize that sites like my own cost money to survive.
Either ads can cover the bills or visitors can pay directly. I'd rather
find ways to ensure that ads cover the bills. I've found that visitors like
subscription fees a heck of a lot less than they like ads.

Ben Kucenski
www.icarusindie.com

 

[Matthew Lock]

This can also be used for verifying that visitors are seeing your
ads. You

simply devise a script that is called which displays the ad which also
counts the ad view. Ad views and hit counts then must match or the user is
blocked from seeing the content.

Will this mean that the visitor will not see the content until all the
ads have been downloaded? This could really slow down the page on a
slow modem connection.

It still wouldn't guarantee that a user had seen your ads anyway. Check
out the Firefox adblock extension, it has a mode where it downloads the
ads, but the user just doesn't see them: http://adblock.mozdev.org/

Making visitors see ads is a losing battle anyway. The reason I block
ads when I surf the web is that banners are annoying, dishonest (the
fake dialog boxes) and irrelevant. Focus on making your ads relevant
like Google has and there won't be a problem.

 

[Matthew Lock]

Also how will your content be indexed by Google and other search
engines, since as far as I know Google doesn't evaluate and run the
javascript when it's crawling your site.

 

[Carter Smith]

You can allow based on IP.

Google's bots googlebot in the reverse DNS lookup of the IP. You can't
spoof your remote IP with connection based protocols like TCP/IP. I used to
block all spiders except for Google using that.

But yes, that would be a problem. You'd need a whitelist of spiders.

 

[Carter Smith]

No, it doesn't slow down the page loading. That's why the first hit is free.
You're going to have 1 page hit and 1 javascript hit the first time the page
is loaded simply because that's the default. There's no way to wait until
the javascript runs before deciding whether or not to show the page. The
second time you'll have 2 of each since the call to the javascript happens
after the page is loaded and the new value is applied the next time a page
is loaded. Before the page is loaded the hit is counted and after the page
is loaded the javascript hit is counted. The page hit counts immediately
but the javascript hit counts on the next page view.

AdBlock would be unbeatable since it just doesn't display the image but
requests it. There's no way to tell what the client did with the image
after the request. If you wanted to break a EULA or few you could log every
IP and count hits and ad clicks. If an IP doesn't click an average of x ads
in y page views over z amount of time, you just show them ads until they
click enough to let them back in.

 

[Matthew Lock]

That's cloaking. I wouldn't go there if I was you:
http://www.google.com/webmasters/faq.html#cloaking

 

[Matthew Lock]

If an IP doesn't click an average of x ads in y page views over z
amount of time,

you just show them ads until they click enough to let them back in.

Or just turn all your visitors away to other sites in disgust.

 

[Carter Smith]

This is a last resort before going to subscriptions. If so many people
think they deserve a free ride to your site that your site is going bankrupt
attempting to be nice by using ads instead of requiring direct payments from
visitors, it would be in your best interest to turn those visitors who only
take and don't give, away. So them going away in disgust is the result
you're going for.

This is actually a growing problem with web-sites. People tend to believe
in the bandwidth fairy. This is a method to remind them that the bandwidth
fairy isn't real and that it costs real money to run a site. They can
either at least have to courtesy to view the ads or they can be forced to
pay a subscription fee out of their own pocket if blocking ads becomes a
real problem for the owner.

For my own site, AdSense pays the bills, blocking download agents and IP
bans for people who download unreasonable amounts keeps things in check.

I've banned maybe a dozen people in 4 years. Most people have common sense.

 

[Matthew Lock]

If you are offering useful content why not try a Paypal or Amazon
donation link too.

 

[Carter Smith]

You should read Slashdot.org. It's rediculous how many times I've seen an
open source project bitch about going under because nobody donated.

Meanwhile, taking an intelligent approach to their hosting would have
resulted in not going bankrupt on costs.

The fact is, donations don't work unless it's for some "worthy" cause.
People just simply don't throw down money on random sites if they don't have
to. I have donation links. They don't work. You donate to charities. You
don't donate to web-sites.

The only time I've seen donations actually work is when the web-site plays
begger and gives some sob story about costs and even then they usually only
get the finger. What web-sites usually do is offer free services and then
require a subscription fee for additional services. Most major sites have
done this or will do this.

This is what I was talking about with the bandwidth fairy. There are very
few large sites that don't have some kind of subscription program along with
ads.

The ads brings in the bulk of the cash since most people don't subscribe,
subscriptions from the hardcore fans and wannabe socialites then throw it
over the top if it isn't already.

Nobody does donations anymore except for special occasions. Asking for
donations is no different than begging for money and most sites simply don't
bother.

Like I said, people on the internet have seriously begun to believe in the
bandwidth fairy. They're like Homer Simpson when it comes to donations.
They don't want to look at ads, they don't want to subscribe (heck, the NYT
can barely get free subscriptions out of people) and they certainly don't
want to donate.

And that's why looking into technical solutions (like verifying that
javascript is enabled) before you run into a problem is a good idea. For
now you can use the technique for informational purposes only. Then later,
if needed, you can impose restrictions on people before you're filing
bankruptsy papers and whining that nobody is giving you money.

You can see now if say 50% of your visitors aren't using javascript which
could indicate possible problems in the future.

The sites that go under due to costs exceeding revenue fail to properly
think ahead and pretend that they can deal with it when it becomes a real
problem and for now they can just wait it out.

Ben Kucenski
www.icarusindie.com


----- Original Message -----
From: "Matthew Lock" <[email protected]>
Newsgroups: comp.lang.javascript
Sent: Thursday, February 03, 2005 5:52 PM
Subject: Re: verifying client has javascript enabled - server side solution