How can I keep users from repeat voting?

[robman22]

I have poll created and working successfully, but I don't
want the user to be able to repeatedly cast votes in a session. I'm pretty sure I'll have to use cookies for this and I don't really know a lot about them. Can anyone give me an example or point me in the right direction.

Thanks.

 

[KevinFSI]

I'm not that well versed at this kind of thing, so I apologize if I steer you the wrong way.

First, see if the cookie exists on their machine. If so, check to see if they've voted already:

<CFIF IsDefined(&quot;cookie.hasVoted&quot;)>
   <CFIF cookie.hasVoted IS &quot;yes&quot;>
      You cannot vote more than once
   </CFIF>
</CFIF>

If they have not voted before, let them do so, then set a cookie that says they've voted:

<CFCOOKIE NAME=&quot;hasVoted&quot; VALUE=&quot;yes&quot; EXPIRES=&quot;never&quot;>

This should get you there, but if anyone has something better I'm open to suggestions.

Later, Kevin
slanek@ssd.fsi.com

 

[swilliams]

If all you are interested in is not being able to vote twice in a session, you could use session variables. IE when the user votes, set Session("HasVoted&quot = True but before accepting the vote, check the session variable
<cfif Session(&quot;HasVoted&quot EQ False>
<!--- log the vote --->
<cfset Session(&quot;HasVoted&quot = True>
<cfelse>
You have already voted!
</cfif>

The session variable will then die when the session is killed, or when the session times out.

Simon

 

[Guest_imported]

I agree you will want to use cookies. For those who are not &quot;accepting&quot; cookies, you could use the #CGI.remote_host#
variable....

It has been a while since I have used &quot;dial-up&quot; but I don't remeber getting more than a half dozen different IP numbers...from any &quot;one&quot; ISP...

 

[Streetdaddy]

Cookies are good, but anyone with half-a-clue can just delete the cookie from their computer, refresh the site, and hey presto, they're a new visitor!

This is not to say that I can think of a better way, but I agree with the above post that using #CGI.HTTP_REFERER# is better, because its a lot of hassle to change your IP just so that you can cheat a Submit button... Miles Tillinger
SE Net Web Design

http://webdesign.senet.com.au

vmiles@senet.com.au

 

[KevinFSI]

I thought HTTP_REFERER only told you what page the user came from. If they got to page two from page one it would just say HTTP_REFERER=

http://blah/blah/one.cfm

Am I way off base? Kevin
slanek@ssd.fsi.com

 

[robman22]

Thanks for the feedback.
Some decisions changed and it's not really
needed now, but I will keep it for future
reference.

Thanks again.
robman22

 

[dlkraft]

I have a real time voting page where I have done exactly what you want to do - allow only one vote.

When a user chooses an item to vote on from my last, I query a table I have made of previously cast votes.

If that user has already cast a vote, the recordcount of the query returns more than 0, in other words yes, that user has voted on the item already.

In that case, I query the already cast vote and show it to the user, showing in red &quot;Review or edit your vote.&quot;

When they submit their change, it overwrites the already cast vote.

In the case where no previous vote is found, it is simply stored with the user's id and date, along with optional comments, in the voting table.

 

[Streetdaddy]

OOps, sorry Kevin

I meant to say CGI.Remote_host...

not http_referer Miles Tillinger
SE Net Web Design

http://webdesign.senet.com.au

vmiles@senet.com.au

 

[KevinFSI]

Dig it Miles, I'm with ya now. Kevin
slanek@ssd.fsi.com

 

[imstillatwork]

I Record IPs , Time , current url and login name(if any)
than I can sort my results buy date and see click paths of each user. not to sound off subject, since I Record all pof this data, IPs are saved and can be compared agains current IP from client and cookie . most ISPs use DHCP, but the release / renew time is usually long enough that by the time the poll is complete the user has not go a new IP, and the results are pretty accurate.

 

[mad01]

Hi guys...

When I store the IP address for each user that voted...I used to face this problem...I used to get the ISP's IP or if there is a machine on a LAN and other machines got to use that machine as a router to connect to the internet...then I used to get that machine's IP and not the real machine's...so is there a way to come over this...

If there isn't...I guess using both Cookies and IP's might be the best solution I guess... mad01

 

[CFDude]

Just my .02 -- use cookies. They are simple and easy to use. The amount of people who disable cookies, delete them, or whatever is so relatively small, it won't distort your results.

What I've done on another site it set a cookie on the main page called &quot;allowCookies&quot; or something like that. Then on the page where I need to set another cookie, check for the existince of the allowCookies cookie and if it is not there, then they obviously have it turned off. If they have it turned off, don't allow them to continue.

e.g
<cfif NOT isDefined(&quot;cookies.AllowCookies&quot>
Sorry, you must have cookies enabled on your browser to continue....
<cfelse>
You're okay -- continue
</cfif>