Limiting votes by users without an account

[Aaron4osu]

I'm working on a site that allows users to vote on different items. Right now I have it so after they vote the buttons are disabled until the page refreshes. I want to come up with a solution so I can keep users from voting more than once. Currently, I'm storing votes in a mysql database, but I'm not storing who voted.

 

I have 3 different types of users.

1) members logged in

2)members not logged in

3)site visitors with no user account

 

I'm trying to think of the best ways to handle each type.

 

I know for my logged in users I can use their user_id and check if they have voted before for that specific element.

 

But how should I handle the other two (2 & 3). Here is what I'm thinking...

 

a) Should I use set a cookie for each of their votes. Then, loop through all of their vote cookies each time they vote before adding the vote to the database? There could be hundreds of votes. If they have cookie turned off this would not work.

 

b)maybe grab their ipaddress somehow and store that in the database. Then query and loop through all votes looking for a duplicate ipaddress/item combo?

 

c)something more efficient?

[kicken]

The only option for an unregistered (or unlogged in) visitor is to store a cookie and track them that way.  If they are going to be voting on a lot of things, then generate a unique hash value for them and store that value in your database for your votes.  Set a cookie with that hash value and whenever they try and vote look to see if that hash has already voted, same as you would for a logged in member and their user_id.

 

[thehippy]

To be perfectly honest, its not worth investing the time to allow anonymous voting.  The amount of time you invest in detecting erroneous voting outweighs the usability benefit.  IPs can be proxies for an entire ISP.  IPs, cookies, http headers can be faked, botnet's can artificially inflate voting results, most captcha services have been cracked and so on.  Ask Amazon or Youtube how they deal with voting, they won't because they've invested so much time in it.  Ever wonder why YT vids get stuck at 300 or so views? Because YT has to start validating a simple view so videos don't get artificially inflated view counts.

[Jessica]

Ever wonder why YT vids get stuck at 300 or so views? Because YT has to start validating a simple view so videos don't get artificially inflated view counts.

 

That doesn't make sense, a view is a view. If I view the video 5 times, I did just that. That's different than wanting to VOTE 5 times when you are only allowed one vote. YouTube isn't reporting unique views, it's just views.

[thehippy]

I was not trying to say a view was a vote they are of course vastly different rule-based counting systems.  I was attempting to point out the engineering problem of the detection of erroneous data that they had similarities, that there may be invalid views as there may be invalid votes.  My bad if I confused anyone, I'm not a man gifted with words.

[mikhl]

I think Kicken has the best idea about creating a hash value in a cookie and storing it in your database obviously this method has its flaws. People can clear their cookies and vote again. You could have the voting feature disabled cookies are not enabled.

 

Another method would be to have the user enter their email address to vote. This would also enable to sort out your non-logged in users. Though entering and email address also poses disadvantages. Namely deterring users, fake email addresses, people with numerous accounts.