tags:

views:

25

answers:

2
+1  Q: 

Limiting Form Submissions by Time

This is not language specific. What are the best methods to limit how many times a person may submit a web form, not knowing any info about that person. Example: Voting for the all star game online, only allowed 1 per 24 hour cycle. Something where you don't have to "log in". My thoughts were:

  • Use Captcha to keep bots at bay
  • Drop a cookie that expires in 24 hours
  • Check IP address if no cookie present (How many people are going to get banned because of NAT using this technique)
  • Anything I'm missing?
+2  A: 

Very good technique is to use Flash cookie. Many people clears cookies or uses different browsers. Flash cookies are cross-browser: they have same value across all browsers in your system, and people often doesn't know they exist.

How it works you can check here:

http://www.nuff-respec.com/technology/cross-browser-cookies-with-flash

Cookie and IP are of course also worth checking, but cookies don't block cheating, and IP blocks NAT users.

Thinker  2010-09-21 17:46:54
Wouldn't stop me unless you did the form/action in Flash -- I use Flashblock and don't allow flash unless the rest of the page gives me a compelling reason to do so.
Stan Rogers  2010-09-21 18:06:08
Wow, I've never heard of this, definitely going to check it out
Tim Boland  2010-09-21 18:52:12
A: 

There is another technique which identifies you upon browser and installed plugins. See Panopticlick.

IMHO this is quite a exotic option.

amra  2010-09-21 20:00:40

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?