Forms are an important means of exchanging data between client devices and servers, for example. Sometimes forms are also used by client devices for the purpose of local and/or remote data collection.
Forms typically comprise form fields and form buttons and other components. For example, other components that may be included in forms include input fields, such as text fields and password fields. To increase transmission security, during the generation of forms, hidden form fields with preset names are also generated and included in certain forms. A hidden form field is an invisible element of the form that is not seen by a user that visits the webpage at which the form is presented. Therefore, the user cannot input any content into a hidden field, which is why sometimes the hidden field is used to submit information that is not input by the user.
Conventionally, a client device retrieves a user requested form (e.g., associated with a webpage that is visited by the user), the form is presented by the web browser installed at the client device, and the user can input data into the form's input fields. After the user completes filling out the form, the user selects a form submission button and the client device submits the data that was input into the form to an associated web server where the web server may further process the submitted form data. However, conventional techniques typically cannot determine whether the form data was completed by a real person user (a human). One reason it would be desirable to ensure that form data is completed and submitted by human users is that when forms are automatically completed and/or submitted by robots or specialized computer programs, negative consequences such as spamming or malicious forum flooding may occur.
One conventional technique of validating that a submitted form was completed by a human user is realized by validating one or more hidden fields included in the form. For example, a hidden form field includes a name and a value. Each time the form is requested by the client device (as a result of a user request), the server generates a random character and transmits it to the client device, which causes the client device to use the random character as the numerical value of the hidden form field. As such, when the server receives the user-completed form submitted by the client device, form validation is realized by verifying whether or not the value of the hidden form field matches the random character generated by the server.
However, because the client device generates the hidden form field at the same time that it generates the form, the name of the hidden form field is set in advance, and so the name of the hidden form field generated upon each request for the form is always the same. Therefore, it is possible that through multiple requests of the form by the client device, malicious automatic completion programs are able to determine the hidden form field name through analysis, so that the programs are eventually able to recognize the form and thereby perform automated completion of the form.