tags:

views:

28

answers:

3
+1  Q: 

Public Rating script, allowing 1 submission per visitor

Hi everyone,

I've written a .NET/jQuery rating script that allows users to rate a particular product.

Everyone that visits the website can rate, but I'd like to only allow 1 rating per visitor.

So far I've considered the following options.

1: Store the users IP address and only allow 1 submission per IP.

Of course, this would mean that people on corporate LAN's, Internet cafe's, public Wi-Fi's and such won't be able to vote after someone else has from the same location.

2: After voting, create a cookie in their browser that indicates they've voted.

This isn't a good solution either, since people using Private Browsing will be able to vote as many times as they like, OR a more advanced user will clear their cookies and keep submitting a vote over and over again.

So, is this possible?

+1  A: 

A cookie is what most sites use.

Though it is true that some users will be able to vote more than once, you need to ask yourself, how many advanced users are you going to have, and how many of those will really care enough.

In regards to cookies - nothing stops the same person from using another browser on the same computer, go to a different computer (which may also defeat the IP scheme) etc.

To ensure single vote per user have each login before voting - if you have a way to prevent multiple logins per user, limiting them to a single vote should be easy.

Oded  2010-08-08 07:15:56
Considering that part of the search functionality is sorting by rating, I'd hate to have skewed results because someone figured out how to vote more than once. Any other way you can think of?
Marko  2010-08-08 07:20:45
Agree, the real problem is establishing the identity of the voter.
nonnb  2010-08-08 07:21:31
Yeah in a perfect world I would use logins, however I want everyone that visits the site to vote. And prompting a user to register just to vote is not really going to work. I'll leave the question open in case someone has some sort of solution, perhaps using a combination of cookie/IP, where only 1 vote is allowed per IP per day/week etc..
Marko  2010-08-08 07:23:54
@Marko Ivanovski - Authentication (ensuring someone is who they say they are) is difficult in real life and even more so on the Internet. Most people will not be gaming the system, and those that will try will mostly be crude about it and be detectable (hundreds of votes from the same IP over a very short amount of time, for example)
Oded  2010-08-08 07:25:28
Based on the above and what I've found using Google there really is no way of distinguishing users. So I will only allow users with Cookies to vote, set a cookie of "voted" to true, and as fallback - only allow 1 submission per IP/per day in case one cleared their cookies. Chances that 2 people from the same company/Wi-Fi etc will vote in the same day are pretty slim - so that's pretty much problem solved. Thanks!
Marko  2010-08-08 07:40:30
+1  A: 

There is no good solution for unregistered users, you could use ip and user agent combination, but still the best solution is to use their user ids, in other words visitors must be registered on your website first.

negative  2010-08-08 07:22:53
+1  A: 

I say that you can check if the computer accept Cookies. If not accept cookies do not let him vote.

Second you can check how many pages every voter have see.

And how close is one vote to the other in time.

Now the person that try to make many votes, comming from the same ip, see 2 pages max, vote many times in a sort time, and probably not accept cookies.

I say all that, even tho I agree with Oded say.

Aristos  2010-08-08 07:23:33

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps