How to Check Authenticity of an AJAX Request

Question

I am designing a web site in which users solve puzzles as quickly as they can. JavaScript is used to time each puzzle, and the number of milliseconds is sent to the server via A

Answer 1

It is impossible to start and stop the timer at the client-side without fear of manipulation...

Anything you perform at the client can be altered / stopped / bypassed..

encrypting/decrypting at the client is also not safe since they can alter the info before the encryption occurs..

Since it involves money, the users can not be trusted..

The timing has to start at the server, and it has to stop at the server..

Use ajax to start the timer at the server only if the puzzle contents return with the result of the ajax call. do not load the puzzle and then sent an ajax request as this could be hijacked and delayed while they review the puzzle...

..