2

How can I recognize duplicate voting or rating for a comment or article? For example, when you vote up a comment, you can't vote anymore on that comment.

I want the user to be able to vote up a comment; this increment is to be saved in the db, and the only thing to save is the increment of positive and negative votes in the db. All visitors can vote on the comments, and each person can only vote once.

Is there a client side solution?

Behzad Shirani
  • You would need to post more details and some code. How does this voting work? Are you saving the details to a db? Are you storing selections in jQuery and/or a cookie? – Ravi Y Nov 28 '12 at 06:26
  • My idea doesn't have code yet!!! But I want the user to be able to vote up a comment; this increment is to be saved in the db, and the only thing to save is the increment of positive and negative votes in the db. All visitors can vote on the comments, and each person can only vote once. – Behzad Shirani Nov 28 '12 at 07:05

4 Answers

2

A client-side solution based on cookies or localStorage will cover an honest user with a single browser, which is the majority of cases (so you might as well do it). It will not do anything at all to prevent fraud from anyone with malice and any amount of technical knowledge, so you're going to want to also include a check on the other side of the trust boundary (on the server).

A determined attacker will be able to stuff the ballot box, but you have a few options to dissuade casual abuse.

As others have mentioned, one simple solution is to allow one vote per IP address. Not a terrible idea, but see this discussion for why it isn't a great idea either: Limit 1 vote per IP Address? It can prevent legitimate users from voting (consider two roommates sharing a personal router), and it doesn't stop ballot stuffing (I could vote at home, and then again at work). It gets even more complicated when you consider ISPs like AOL (so the popular wisdom says, at least, I'm only assuming this is still true) that reassign addresses often (ostensibly to protect the privacy of their users, perhaps).

You could require a captcha. This provides a similar amount of protection as requiring a verified email address, with slightly less burden on your users. Neither of these approaches is a guarantee, of course. Anyone who owns a domain name has an infinite number of unique working email addresses, and if a few dozen votes is enough to influence the poll result, then an attacker needs only the patience to take a few dozen captcha tests.

The more sophisticated solution is to require user accounts, watch cleverly for signs of abuse, and ban accounts that are suspected of being fraudulent. I'm guessing that's far beyond the scope of anything you're prepared to do, though. Unless maybe someone has published a free general-purpose implementation of such a thing?

Chris Martin
1

A user could disable JavaScript in his browser or delete cookies and easily get around your recognition. This is not the best solution. It's better to add a check of the user's IP address on the server side in addition to this.

kapandron
0

I wouldn't think cookies would be a good way to keep voting limited. You could just clear them and vote again. Probably the best way is to allow only registered users to vote, then keep track of them in a storage location somewhere per article. When someone tries to vote, check the article's 'Users who voted for this' array and if they're not in it, allow the vote to go through.

depwl9992
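The server-side "has this user already voted?" check described in the answers above, as an added example (not code from any of the posters). It uses Python's `sqlite3` with hypothetical table and function names, and assumes `user_id` comes from an authenticated server-side session. The primary key on `(comment_id, user_id)` turns the lookup and the insert into one atomic step, so two simultaneous requests from the same user cannot both be counted.

```python
import sqlite3

# Hypothetical schema: one row per (comment, user) plus the running counters.
SCHEMA = """
CREATE TABLE comments (id INTEGER PRIMARY KEY,
                       up INTEGER NOT NULL DEFAULT 0,
                       down INTEGER NOT NULL DEFAULT 0);
CREATE TABLE votes (comment_id INTEGER NOT NULL,
                    user_id    INTEGER NOT NULL,
                    direction  INTEGER NOT NULL CHECK (direction IN (1, -1)),
                    PRIMARY KEY (comment_id, user_id));
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO comments (id) VALUES (1)")  # constructed sample comment
    db.commit()
    return db

def cast_vote(db, comment_id, user_id, direction):
    """Count one vote per (comment, user). Returns True if the vote was counted.

    user_id must be taken from the server-side session, never from a
    request parameter, cookie or localStorage value the client controls.
    """
    if direction not in (1, -1):
        raise ValueError("direction must be 1 or -1")
    column = "up" if direction == 1 else "down"  # fixed names, not user input
    try:
        with db:  # one transaction: both statements commit, or neither does
            db.execute("INSERT INTO votes (comment_id, user_id, direction) "
                       "VALUES (?, ?, ?)", (comment_id, user_id, direction))
            cur = db.execute(f"UPDATE comments SET {column} = {column} + 1 "
                             "WHERE id = ?", (comment_id,))
            if cur.rowcount != 1:
                raise LookupError("no such comment")  # rolls back the INSERT
    except sqlite3.IntegrityError:
        return False  # primary key violated: this user already voted here
    return True

def tally(db, comment_id):
    return db.execute("SELECT up, down FROM comments WHERE id = ?",
                      (comment_id,)).fetchone()
```

A cookie or localStorage flag can still be used to grey out the button for honest users; the database constraint is what actually enforces the limit.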
0

OK. Another bad practice. Just try to fool an anonymous voter. When he votes the first time, write +1 to your DB and set a cookie with the additional vote amount for the current anonymous user. When he votes again, just add +1 to the cookie amount, not to your DB, and update the UI. So the user doesn't know that he can't vote more than once and doesn't try to clear his cookies or do something else. Of course, you can't use this method for any contests, only for statistics. And in your case you shouldn't set this cookie for registered users; use the standard method to check their votes.

Mark Twain