3

How do you handle public vote (anyone can "like or dislike" an article) and to restrict him to vote only one time?

Have I to use cookies? (with the problem that he can remove the cookie and vote x999 times) or I store his IP in database?

double-beep
  • 5,031
  • 17
  • 33
  • 41
Unitech
  • 5,781
  • 5
  • 40
  • 47

5 Answers5

2

The solution has three parts:

  1. use a cookie to prevent double votes
  2. store all vote events in the database (ip, user agent, poll/article id, vote)
  3. implement an algorithm which will run every 24h to delete the double votes which escaped from #1. The algo will use data from #2

Using only the IP is not appropriate as it can leave tons of people out of the voting system.

cherouvim
  • 31,725
  • 15
  • 104
  • 153
1

Use the IP.

While you may cause a bunch of people from only voting once from behind one IP, the alternative is trivial to bypass (don't store cookies).

alex
  • 479,566
  • 201
  • 878
  • 984
0

I'd say do both so that if there are people with dynamic IP they will have to change IP and delete cookies at the exact same time.

Sword22
  • 266
  • 3
  • 15
0

If the user authenticates, ie they vote as themselves, throw a record in the database saying the user has already voted. For anonymous voters you are limited to cookies, local storage, ect.

John
  • 1,530
  • 1
  • 10
  • 19
0

Instead of cookies could use evercookie, which is much harder (but still possible) to bypass.

evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

Philip
  • 4,128
  • 5
  • 31
  • 49