Re: Preventing multiple votes by same user effeciently

You appear to be trying to use the REMOTE_ADDR from the browser to determine whether someone has voted or not. There are (at least) two problems with this.

First, a single (external) IP is often shared by many users. In companies or student dorms and the like, using NAT to allow multiple internally networked machines to access the internet via a single connection or corporate firewall etc. This means that only the first user to vote from within such an IP sharing group would be permitted to vote.

The second is that many home users still use dial-up connections and get allocated a different IP (via DHCP) each time they connect. I am one such user. In order for me to vote many times under your current scheme, I simply have to dis- and re-connect and click the vote button again. There is very little you can do to stop this using the IP alone.

Almost any scheme will require you to use a userid/password and/or a cookie to validate the voter. The former is non-trivial to implement though a search on merlyn's web-site will turn up several hits for schemes of varying complexity. The latter will fall down if your users are the paranoid types (like me) that habitually run with cookies disabled except on sites I have some modicum of trust in.

Cor! Like yer ring! ... HALO dammit! ... 'Ave it yer way! Hal-lo, Mister la-de-da. ... Like yer ring!

Comment on Re: Preventing multiple votes by same user effeciently

Replies are listed 'Best First'.
Re: Re: Preventing multiple votes by same user effeciently by diotalevi (Canon) on Oct 26, 2002 at 14:18 UTC
I've also heard that WebTV users may also be on different IP addresses per each request. That means that a single session may actually be on many different IP addresses. This is just hearsay but it's something to consider. `__SIG__ use B; printf "You are here %08x\n", unpack "L!", unpack "P4", pack "L!", B::svref_2object(sub{})->OUTSIDE;` [download]	[reply] [d/l]
Re: Re: Preventing multiple votes by same user effeciently by MZSanford (Curate) on Oct 26, 2002 at 15:38 UTC
Also, remember that there is nothing to say that AOL members will even have the same IP during a browser session. IP rotation with AOL members is an issue to remember. from the frivolous to the serious	[reply]
Re: Re: Re: Preventing multiple votes by same user effeciently by BrowserUk (Patriarch) on Oct 26, 2002 at 16:03 UTC
I'm surprised by this. I've never used AOL but I know my sister has an account and regularly uses both AIM and more significantly MSN Messenger. If her IP is constantly changing, I'm wondering how these comms protocols manage? Cor! Like yer ring! ... HALO dammit! ... 'Ave it yer way! Hal-lo, Mister la-de-da. ... Like yer ring!	[reply] [d/l]
Re: Re: Re: Re: Preventing multiple votes by same user effeciently by zigdon (Deacon) on Oct 28, 2002 at 13:51 UTC
It wouldn't be that her computer's IP is constantly changing, but that the proxy AOL sets for http requests is actually a host of machines, each with it's own IP. So a connected user will have the same IP when doing FTP, AIM, or anything that doesn't go through the proxy. -- Dan	[reply]
Re: Re: Re: Re: Re: Preventing multiple votes by same user effeciently by BrowserUk (Patriarch) on Oct 28, 2002 at 17:07 UTC
Re: Re: Preventing multiple votes by same user effeciently by carthag (Scribe) on Oct 26, 2002 at 14:05 UTC
Thanks, I forgot to take into account networks. And since I actually have a lot of users coming from school networks, I can't use my current approach. usernames & passwords aren't a viable option, mostly because it would add an unnecessary layer of complexity and generally be overkill for the problem. I never really liked cookies, they're too easy to circumvent (and should be), which comes from having tried using them before when writing a crap Hotornot clone. I guess these are the only solutions, though, so I'll see which one will be the best.	[reply]