views:

204

answers:

4

I'am writting voting web aplication and I'm not sure how to implement it. One user can vote for many pictures but he can't vote for one many times. What should I save in database or in cookies? I'm using ASP.NET MVC.

Users are NOT authenticated.

+6  A: 

Store the votes in a database table with columns PictureId, UserId, Score, and add a composite unique constraint to the columns PictureId and UserId - this will ensure that there is only a single vote per user and picture.

Daniel Brückner
Why store the score if each user can only vote for one picture once?I agree with one table for PictureId and UserId with a composite unique constraint, but then you'd need to run a count query against PictureId to get a total of votes (i.e. "score") for that picture.
Vicky
I thought about rating, too, not only voting. Maybe a vote can be from zero to five stars or something like that.
Daniel Brückner
+1  A: 

Database records for unique, authenticated users, as Daniel Brückner suggests, has to be the way forward. Cookies are unreliable as, for example, they can be deleted or a user may use a different browser.

mas
A: 

If your users are authenticated, then you can save UserIDs with Image votes.

If your users are anonymous, then systems tend to store their IP address with Image votes. It's not perfect, it's not 100% proof, but it works in majority of situations.

Robert Koritnik
+3  A: 

With anonymous users, you have two options, neither of which are very good:

1) Track the user with a user id stored in a cookie. As long as the cookie persists. the user can't vote twice. However, they can delete or otherwise modify the cookie. They might have cookies turned off. They could have two different browsers open at the same time. Scripts for "cheating" (curl http://site/vote?score=5&pic_id=1) won't store a cookie anyways. Basically, you'll end up with people voting more than they should.

1.5 *

2) Track the user by IP address. This is essentially the opposite. Users can't vote twice, regardless of deleting cookies, switching browsers, etc. However, several people from the same household (using a DSL router) can only vote once combined. Many companies will similarly hide many users behind a single IP address. I think some ISPs do, too (AOL?). You'll end up with far fewer "votes" than legitimately should have been recorded.

So the question is do you want over or under votes? If you think cheating is likely, I'd go for #2. But if cheating is likely, that means there's an incentive. And if people realize their votes aren't counted (which they may not realize), they'll be unhappy.

After that, whether you store each vote as a row, or combine the votes into a single row (update pictures set num_votes = num_votes + 1, total_score = total_score + [submitted score]) is up to you.

  • 1.5 The third option would be to record their vote and an email address, send them the email with a confirmation link and ask them to click it to record their vote. People can still cheat with fake email addresses, but it's not as likely as deleting a cookie.
James S