I don't know if there is a more elegant solution, but it will probably come down to persisting the question timeout and asking the database whether the value is still valid and having the client to do the time's up logic.
The first option, obviously, is to just have a client verification, where a user choses to answer a question, queries the server and gets a response in a format which could look like this:
{
"questionId": "eJ3s9CxfAdwacCP68B",
"question": "Who is the president of the U.S.A.?"
"timeLimit": {
"hours": 0,
"minutes": 1,
"seconds": 30
}
}
When the data is successfuly fetched, the answer dialog is only available for as long as the timeLimit
allows it. After that the input could be disabled.
Naturally this only solves the problem for people with no or very little computer knowledge, geeks will simply edit the source code of your website, enable the input again and submit their answers anyway.
This is where you need to insert server verification as well. A user asks to fetch the question with the id eJ3s9CxfAdwacCP68B
, during this operation, a record in the database consisting of the user id, question id and expiration (adding the duration to current datetime) is created.
Later when a user clicks to submit the question, it sends the answer to the server and the server checks against the database value and current datetime, whether the question could actually still be answered, returning 400
when it could not.
I haven't worked with heroku, but hopefuly the database keeps its data after the reboot. If that's the case, this solution is fairly easy to implement, the time's up dialog is server ignorant and you forbid users to submit answers after their time for the question has expired.