5

I'd like some pseudo-code or white board suggestions for permitting unauthenticated voting on my site. I've looked through related threads on this topic, but I think my scenario is different enough to warrant its own thread.

There are 3 core scenarios I want to support.

1) Authenticated user "Joe Blow" logs on to my site and votes. Since he's authenticated he only gets to vote once. For each vote he makes, I store his UserId in the DB

2) Unauthenticated user "Sally" visits my site and votes. Since she's unauthenticated, I'll save her vote under a user account called "Anonymous-Users-From-My-Site".

3) Unauthenticated user "Zoltan" uses a widget that I built to hit my site from some other partner site that hosts my widget. He can also vote from that site. I'll save his vote under a partner user account called "Anonymous-Users-From-A-Partner-Site".

The twist here is that I need to support the ability of "Sally" and "Zoltan" to vote on an unlimited number of things. Maybe Sally wants to vote on 500 things in one day. Maybe Zoltan wants to vote on 200 things on the partner site. Maybe Sally doesn't revisit the site for a month, then comes back to vote on more stuff.

How can I achieve scenarios 2 & 3 with a cookie? Do I hash all of the item ID's for the votes together? What are my options?

FWIW: I plan to make a hard distinction when tallying up the votes. I'll make it clear that anonymous votes are just that -- anonymous. People will understand to use a measure of skepticism when viewing the results. But I still think there's value in allowing unauthenticated users to vote, even if they can game the system by using multiple browsers or deleting their cookies after each vote. If users voting on my site have to do at least this, then I'll be satisfied.

And lastly: I am not interested in using something like an EverCookie. For my needs, that's total overkill.

Armchair Bronco
  • 2,367
  • 4
  • 31
  • 44
  • A cookie identifies the user (as e.g. "Sally") and under "Anonymous-Users-From-My-Site" you record things like "Sally voted for option C on question 531". What's the problem? – Beta Mar 14 '11 at 02:44

2 Answers2

1

Do something similar to what SO does. When a user comes to your site give them a unique ID and store that ID in a persistent cookie. If a person ever fully registers then you can associate that generated ID with the account name. Then it doesn't really matter how the user gets to your site since the browser will automatically present you with the proper cookie.

I would avoid serializing data in the cookie since the amount of data could get rather large over time and you probably want to track votes server side anyway (so you can track usage/abuse).

Andrew White
  • 52,720
  • 19
  • 113
  • 137
1

I personally wouldn't lump any unauthenticated entries against a SINGLE user... instead, I would have a table of unauthenticated responses. The first time a person votes - you insert into that table, and store the autokey (ID) in his cookie. If he deletes his cookies... who cares. But this should solve all of your needs.

This way you're not trying to "fake" logic by parsing out comma separated 'votes'... but rather you're just going to pretend that they are a regular user and hit your DB to pull their votes.

Timothy Khouri
  • 31,315
  • 21
  • 88
  • 128