I have a code where a user will listen to some audio file. In Javascript, each second listened will be incremented in a variable. Once the seconds listened reaches 30, it triggers an ajax command to run a PHP script that updates the database to add a "listen" value.
The Javascript code is pretty simple. When the audio starts, it sets the variables
var secondsListened=0;secondsToUpdate=30;
Once secondsListened=secondsToUpdate, it triggers.
However, anyone with basic debugging knowledge can just open the JS on the page and change values to spoof the 30 seconds.
My idea right now is to trigger an ajax response on each second listened that will store the time listened in a $_SESSION variable. If all 30 seconds are available when the ajax triggers, then the code can proceed.
My question: is this the best way to validate such a thing? I'm worried running an ajax to store a $_SESSION variable each second is too much processing. Is there a better way to ensure people cannot alter the JS to spoof listening to the full amount before adding a "listen" value?