views: 102, answers: 3
Hello,

How do I prevent a customer from rating a product more than once? Is it best to use cookies that store the IP address or is it best to store user ratings in the database? I am using MySQL and ColdFusion.

Cheers!

+2  A: 

If you can store the ratings in the database, go for it. Cookies can be deleted and IP addresses can't be used to reliably identify a particular person.

RegDwight
+1  A: 

Well, all of your rating procedures, once rated, will communicate with a database, right? Since you are using MySQL, each rating will presumably be saved in your database.

When you have rated a product, just give the user a unique ID, based on his IP, or if applicable a username. Then check to see if this user has already rated once before.

It's quite simple.

    IF userVoted != true
        saveVote ( "ipAddress", "User Voted Yes")
    else
        display ( "You have already voted" )

Laykes
+2  A: 

If you have user accounts, associate your ratings with the accounts. Job done as long as one user only has one account.

If you use cookies then you will likely run into problems with users who have them disabled, who use multiple browsers or who deliberately delete them. If you store the IP address you will potentially (although it is quite unusual) run into problems with different users from the same IP address: the same family or organisation will probably have relatively few external IP addresses, while ISPs such as AOL will routinely have requests for a single page come from multiple IPs.

On the whole my feeling is that if a user cares enough to rate a product they probably care enough to sign up for a user account. You can still keep an eye on IP data and other browser information in case anything dodgy is going on, but that is the most effective way to ensure that your users are at least distinct enough to have different email addresses. It won't catch anyone wanting to seriously manipulate your ratings, but actually if you do run into someone like that you will have a hard time stopping them whatever you do and until you have indicative usage patterns you'll be hard pressed to know what to look for. In this instance making sure that whatever you do, you keep careful logs is important...

glenatron
If you add some captcha to the process of user registration, you should be quite safe against someone adding thousands of votes.
Krab
Indeed, but if you work on an "average vote" system of ratings it wouldn't necessarily take a lot of fake accounts created manually off multiple email addresses by a single user to bias the ratings strongly in favour of (or against) a single product. Particularly in the early stages a site would be very vulnerable to this.
glenatron
glenatron, many thanks. I also wanted unregistered users to be able to vote. Enforcing logic in my DB for registered users should not be difficult. I thought about creating a joiner table (ratingID*,productID*(fk), userID*(FK)) to track each rating... but it's unregistered ones that cause an issue for me.
Mel
Unfortunately there won't be any simple way you can sort that with unregistered users. Your best bet would be to use the IP address and set a cookie on the user's browser and then to add a strong bias so once you have some ratings from registered users you favour those largely in your calculations, for example maybe treat the average score from unregistered users as equivalent to the vote of a single registered user. It won't be perfect but there is no perfect solution here.
glenatron
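
The approach discussed in this thread, as an added example that is not part of any post: a ratings table whose unique constraints make the database itself reject a second rating from the same account (or the same unregistered-visitor key), plus the weighting in which all unregistered votes together count as one registered vote. Assumptions: SQLite stands in for MySQL so the block runs offline, and the table, column, function names and `anon_key` values are hypothetical.

```python
import sqlite3

# Hypothetical schema. anon_key is whatever identifier the site derives for an
# unregistered visitor (for instance from IP address plus cookie); it is weak.
SCHEMA = """
CREATE TABLE rating (
    rating_id  INTEGER PRIMARY KEY,
    product_id INTEGER NOT NULL,
    user_id    INTEGER,             -- set for registered users only
    anon_key   TEXT,                -- set for unregistered visitors only
    score      INTEGER NOT NULL CHECK (score BETWEEN 1 AND 5),
    CHECK ((user_id IS NULL) <> (anon_key IS NULL)),
    UNIQUE (product_id, user_id),   -- one rating per account per product
    UNIQUE (product_id, anon_key)   -- one rating per visitor key per product
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def rate(db, product_id, score, user_id=None, anon_key=None):
    """Insert a rating. The constraint check is atomic, so two concurrent
    requests cannot both pass a separate 'has this user voted?' lookup."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO rating (product_id, user_id, anon_key, score)"
                       " VALUES (?, ?, ?, ?)", (product_id, user_id, anon_key, score))
        return True
    except sqlite3.IntegrityError:
        return False  # duplicate, bad score, or missing/ambiguous identity

def product_score(db, product_id):
    """Mean of registered votes plus ONE extra vote: the unregistered average."""
    votes = [r[0] for r in db.execute("SELECT score FROM rating WHERE product_id = ?"
                                      " AND user_id IS NOT NULL", (product_id,))]
    anon_avg = db.execute("SELECT AVG(score) FROM rating WHERE product_id = ?"
                          " AND user_id IS NULL", (product_id,)).fetchone()[0]
    if anon_avg is not None:
        votes.append(anon_avg)
    return sum(votes) / len(votes) if votes else None

def demo():
    """Constructed sample data: two accounts, three unregistered visitor keys."""
    db = open_db()
    results = [rate(db, 1, 5, user_id=10), rate(db, 1, 1, user_id=10),
               rate(db, 1, 4, user_id=11), rate(db, 1, 1, anon_key="k1"),
               rate(db, 1, 1, anon_key="k1"), rate(db, 1, 1, anon_key="k2"),
               rate(db, 1, 1, anon_key="k3")]
    return results, product_score(db, 1)

if __name__ == "__main__":
    print(demo())
```

In the sample data three unregistered one-star votes pull the score down only as far as a single registered one-star vote would.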