Jump to content

Recommended Posts

Hi,

 

Is there a better way to track each individual computer, even if the Cookies are cleared / PHPSESSID Cookie destroyed?

 

I am currently writing an anonymous voting application.

Each anonymous user gets a maximum of 5 votes.

 

What I need is to be able to track how many votes each anonymous user has used so that they cannot flood the system / skew the data.

 

In order to track each person I want to use Sessions however as Cookies can be cleared (Eg: PHPSESSID) then anyone would be able to vote 5 times, clear their cookies and receive 5 votes again.

 

I need help in finding the solution to get around this issue.

 

I thought about storing a hashed IP of the user into a database etc however the issue with that is if for example, they are at work and all share the same IP - This would effectively mean that the entire office had 5 votes between them, rather than each individual computer.

 

Cheers,

Ryan

Link to comment
https://forums.phpfreaks.com/topic/141689-_session-track-unique-computer/
Share on other sites

There's no ideal solution.  Most sites which seriously need to block abusers use IP address (like dnsstuff, rapidshare), BUT they also provide an option to create an account which lets them bypass the IP address blocking.  Some of those require you to pay for an account, which simplifies things somewhat.  If the accounts are free, you need to be more careful about automated account generation.

 

dnsstuff has free accounts but having an account doesn't bypass IP blocking.  Rapidshare does bypass, but accounts are paid.  Wikipedia allows accounts to bypass IP blocking, but they also have moderators who can block accounts.

I don't think their is a solution.. due to the fact you are creating a conflict!

tracking anonymous users.. if you can identify them then they are not anonymous !

 

personally i think you are going to need them to register an email or allow only 1 vote per IP but even then that can be spoofed (as with creating multiple emails)..

 

I guess you could add some image verfications to make it a longer process..

I agree with madtechie.  My view would be you can't equate "person uniqueness" with "IP uniqueness".  As you already have said, multiple users might have the same IP, and also, the same user might have access to multiple IPs.  So using IP as uniqueness doesn't really work. 

 

If you are letting users be anonymous, you aren't identifying them uniquely, and therefore you cannot establish whether they have voted already.  :o

 

Rgds

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.