Question
How do you handle a public vote (anyone can "like or dislike" an article) and restrict him to voting only one time?
Do I have to use cookies? (with the problem that he can remove the cookie and vote x999 times) Or do I store his IP in the database?
Answer 1:
The solution has three parts:
1. use a cookie to prevent double votes
2. store all vote events in the database (ip, user agent, poll/article id, vote)
3. implement an algorithm which will run every 24h to delete the double votes which escaped from #1. The algo will use data from #2
Using only the IP is not appropriate as it can leave tons of people out of the voting system.
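A sketch of parts 2 and 3 of the answer above, added here as an illustration and not code from the original answer. The table layout, the function names and the rule that a double vote is a repeat of the same (article, IP, user agent) are assumptions; the sample events are constructed.

```python
import sqlite3

SCHEMA = """CREATE TABLE votes (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    article_id INTEGER NOT NULL,
    ip         TEXT NOT NULL,
    user_agent TEXT NOT NULL,
    vote       INTEGER NOT NULL CHECK (vote IN (-1, 1)),
    created_at TEXT NOT NULL)"""

def record_vote(db, article_id, ip, user_agent, vote, created_at):
    # Part 2: log every vote event, including ones that slipped past the cookie.
    db.execute("INSERT INTO votes (article_id, ip, user_agent, vote, created_at) "
               "VALUES (?, ?, ?, ?, ?)", (article_id, ip, user_agent, vote, created_at))

def purge_double_votes(db):
    # Part 3: periodic job. Assumed rule: one vote per (article, ip, user agent);
    # the earliest row wins and later repeats are deleted.
    cur = db.execute("""DELETE FROM votes WHERE id NOT IN (
        SELECT MIN(id) FROM votes GROUP BY article_id, ip, user_agent)""")
    db.commit()
    return cur.rowcount  # number of double votes removed

def score(db, article_id):
    return db.execute("SELECT COALESCE(SUM(vote), 0) FROM votes WHERE article_id = ?",
                      (article_id,)).fetchone()[0]

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    events = [  # constructed sample data (documentation IP ranges)
        (1, "203.0.113.7", "BrowserA", 1, "2024-01-01T10:00:00"),
        (1, "203.0.113.7", "BrowserA", 1, "2024-01-01T10:00:05"),   # cookie cleared, voted again
        (1, "203.0.113.7", "BrowserA", 1, "2024-01-01T10:00:09"),   # and again
        (1, "203.0.113.7", "BrowserB", -1, "2024-01-01T11:00:00"),  # shared IP, other browser: kept
        (1, "198.51.100.4", "BrowserA", 1, "2024-01-01T12:00:00"),
        (2, "203.0.113.7", "BrowserA", 1, "2024-01-01T12:30:00"),   # different article: kept
    ]
    for event in events:
        record_vote(db, *event)
    before = score(db, 1)
    removed = purge_double_votes(db)
    return before, removed, score(db, 1), score(db, 2)

if __name__ == "__main__":
    print(demo())
```

The user agent is supplied by the client, so this key only removes repeats from a visitor who cleared the cookie without changing anything else.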
Answer 2:
Use the IP.
While you may restrict a bunch of people to only voting once from behind one IP, the alternative is trivial to bypass (don't store cookies).
Answer 3:
I'd say do both so that if there are people with a dynamic IP they will have to change IP and delete cookies at the exact same time.
Answer 4:
If the user authenticates, i.e. they vote as themselves, throw a record in the database saying the user has already voted. For anonymous voters you are limited to cookies, local storage, etc.
Answer 5:
Instead of cookies you could use evercookie, which is much harder (but still possible) to bypass.
evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.
Source: https://stackoverflow.com/questions/6118565/public-votes-and-avoiding-mutliple-vote-using-cookies-or-ip