Public votes and avoiding mutliple vote: using cookies or IP?
https://stackoverflow.com/questions/6118565
-
31-12-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
How do you handle public vote (anyone can "like or dislike" an article) and to restrict him to vote only one time?
Have I to use cookies? (with the problem that he can remove the cookie and vote x999 times) or I store his IP in database?
La solution
The solution has three parts:
- use a cookie to prevent double votes
- store all vote events in the database (ip, user agent, poll/article id, vote)
- implement an algorithm which will run every 24h to delete the double votes which escaped from #1. The algo will use data from #2
Using only the IP is not appropriate as it can leave tons of people out of the voting system.
Autres conseils
Use the IP.
While you may cause a bunch of people from only voting once from behind one IP, the alternative is trivial to bypass (don't store cookies).
I'd say do both so that if there are people with dynamic IP they will have to change IP and delete cookies at the exact same time.
If the user authenticates, ie they vote as themselves, throw a record in the database saying the user has already voted. For anonymous voters you are limited to cookies, local storage, ect.
Instead of cookies could use evercookie, which is much harder (but still possible) to bypass.
evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.
