1. Generate a random token and set it in hidden field of the form in JSP
2. During form submission store the random number set in hidden form field in DB
3. Compare the submitted token is matching with the one from DB to see whether it matches , if is not matches it is a bot attack.
Please let me know whether what is mentioned above is correct? if not please let me know how we can handle it in a better way?
1. Also how we can generate the random token number in java and how this can be set in hidden form field
2. Where we need to handle the comparison logic?
Any examples/tutorials on this is really helpful. Thanks in advance.