Ryan0r Posted January 21, 2009 Share Posted January 21, 2009 Hi, Is there a better way to track each individual computer, even if the Cookies are cleared / PHPSESSID Cookie destroyed? I am currently writing an anonymous voting application. Each anonymous user gets a maximum of 5 votes. What I need is to be able to track how many votes each anonymous user has used so that they cannot flood the system / skew the data. In order to track each person I want to use Sessions however as Cookies can be cleared (Eg: PHPSESSID) then anyone would be able to vote 5 times, clear their cookies and receive 5 votes again. I need help in finding the solution to get around this issue. I thought about storing a hashed IP of the user into a database etc however the issue with that is if for example, they are at work and all share the same IP - This would effectively mean that the entire office had 5 votes between them, rather than each individual computer. Cheers, Ryan Quote Link to comment Share on other sites More sharing options...
btherl Posted January 21, 2009 Share Posted January 21, 2009 There's no ideal solution. Most sites which seriously need to block abusers use IP address (like dnsstuff, rapidshare), BUT they also provide an option to create an account which lets them bypass the IP address blocking. Some of those require you to pay for an account, which simplifies things somewhat. If the accounts are free, you need to be more careful about automated account generation. dnsstuff has free accounts but having an account doesn't bypass IP blocking. Rapidshare does bypass, but accounts are paid. Wikipedia allows accounts to bypass IP blocking, but they also have moderators who can block accounts. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted January 21, 2009 Share Posted January 21, 2009 I don't think their is a solution.. due to the fact you are creating a conflict! tracking anonymous users.. if you can identify them then they are not anonymous ! personally i think you are going to need them to register an email or allow only 1 vote per IP but even then that can be spoofed (as with creating multiple emails).. I guess you could add some image verfications to make it a longer process.. Quote Link to comment Share on other sites More sharing options...
webref.eu Posted January 21, 2009 Share Posted January 21, 2009 I agree with madtechie. My view would be you can't equate "person uniqueness" with "IP uniqueness". As you already have said, multiple users might have the same IP, and also, the same user might have access to multiple IPs. So using IP as uniqueness doesn't really work. If you are letting users be anonymous, you aren't identifying them uniquely, and therefore you cannot establish whether they have voted already. Rgds Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.