views:

610

answers:

3

The unique poll/vote/survey i mean here is, user can only vote once. How do i do that? Track their ip? Login? Beside login, what else? (login is my last option, thus beside login, is there anything else I can do?)

+5  A: 

To restrict the number of votes per person, you need to track the person.

Now there can be several ways to do that, and I'll list them with their pros and cons. Its for you to decide which method suits you best.

  1. login: this will offer you ultimate control. But its also a little cumbersome for the user. and its your last preference
  2. IP: how will you handle people behind web proxies? How about people with dialup connections and/or dynamic IPs?
  3. cookies: this is good for short term polls, so you can set the expiration of cookies to a time when the poll has ended. But, a potential drawback is that a user (contrasted with a luser) will know how to delete the cookies!
  4. openId: While this method is not too different from the 'login' method, this saves the user from registration (which really is the part that sux the most about logins).

EDIT: the problem with this situation is that you need to resolve the identity of the user. I think OpenID does this pretty darn well.

Cheers,

jrh.

Here Be Wolves
Thanks.. I have think of these solutions, which you are correct, each of them has its pros and cons... Is there other way u can think of??
jingleboy99
I suggest that you go with the openid method. but it is a bit more complicated to implement than other systems.
Here Be Wolves
Well, thanks. I will definitely check the openID. Voted for best answer.. :)
jingleboy99
+1  A: 

You could always store a cookie on their computer. Beware, though, that the user can easily disable cookies, or modify the contents of a cookie. There is no 100% reliable method to do what you want to do - the user can always create a new account, or move to another computer, etc.

If you want to go with the cookie approach though, there are three possibilities.

  1. You can store a bit of text saying this person has already voted
  2. You can store a unique id referencing their vote
  3. You can store a session cookie and store the rest of the data on the server (probably more secure, since they can't edit the data, only the session id, and doing so will probably invalidate it).
a_m0d
A: 

The most secure way is a login system.

But if you dont want to use one, i used to add a hash containing the users IP and browser witch will help me filter out to a much better degree then just simple IP ( the browser string might be different for different persons using the same browser, because of the version, operating system and extensions installed ), but you still have problems if they switch browsers, the same problem as cookie. The hash was stored in a database.

solomongaby