问题
I'd like to implement a voting system on my site, without having to force them to create an account. They would ultimately be voting up/down a piece of content which has a unique ID.
- I know that I could store entries in a table with IP/ID, but what if there are more than one user coming from the same IP?
- Is there a way to uniquely identify visitors without it being tied to their external ip?
- If created a GUID, store it in a cookie on that machine, could it be retrieved later on that same computer with the same IP? A different IP?
Any thoughts on these questions, or any insight to a better approach would be greatly appreciated.
回答1:
Yes, you could use a cookie and set the expiration very far into the future; however, there is nothing stopping anyone from clearing their cache and voting again.
Your best bet, is to use the cookie and don't allow votes from the same IP within 15 minutes of each other... without registration thats the best you can do.
回答2:
You could identify users based on more than just their IP. For example you could include the IP + the entire request header information (such as Browser, Version Numbers, Capabilities) and hash that. That will more or less uniquely identify your user (not 100% though, unfortunately.)
回答3:
You could allow them to login using OpenId, this would allow them to use an existing account to vote and they wouldnt have to create a new account.
Google and Yahoo and others have services to allow you to authenticate users.
If you dont authenticate users in some way, the voting system would me open to abuse.
回答4:
The IP + user agent is a lot more unique than IP; not sure whether it's adequate for your purposes. If you send them a cookie, it will get returned by that computer (if they're using the same browser) as long as the cookie stays around, regardless of IP, but note that the user can get rid of the cookie whenever they want.
If you're concerned at all about using this system to prevent vote fraud, I do not believe you are not going to be able to get around making them have an account.
回答5:
It is impossible in principle for you, using a cookie, to distinguish between a visitor who has never visited and a visitor who has visited but deleted the cookie. Consequently, any cookie-based solution will be vulnerable to trivial vote fraud.
Consider embracing this reality in the spirit of J Henry Lowengard, who, when he setup the top 100 site on WFMU back in the mid-1990s, provided a button on the "your vote has been counted" page labeled "Go Back and Vote Some More!"
In fact, go there now and vote for (or against) StackOverflow!
回答6:
I'm thinking the same problem right now. my possible approaches will be as follows:
(A) you can accept votes from those people who were in your site (using SESSIONS) for at least 15 minutes (it can be approximate time for a user to read an article in a blog/site). when they vote, the timer will reset for the next vote. so this way, there is no use deleting the cookies anymore for users.
(B) you can accept votes from unregistered people and taking their email address and sending them a verification link to their vote. when they click the verification link in their email box, then you can actually count the vote. it's like voting per email address.
(C) combination of (A) and (B). this way you can be sure you will be sending verification links only every 15 minutes to a single user which will not be a lot :)
回答7:
I know this is old, but just came here and had an idea..
What about something like https://panopticlick.eff.org ? Yet another thing one could throw in ..
(If this ever goes offline: This is a cumulative fingerprint made of the usual stuff plus + Browser Plugin Details + Time Zone + Screen Size and Color Depth + System Fonts + supercookies )
回答8:
Another option would be to use the session. It would allow you to store the session id in conjunction with the IP. That would allow you to get multiple IP but from different sessions. The only flaw to that would be the possible switching of browsers. Adding a cookie to make it a trio could help weed out flooding.
I have done this in the past with just IP address, which seem to work on small scale.
回答9:
You could try Evercookie or similar solutions.
来源:https://stackoverflow.com/questions/978369/implementing-a-voting-system-without-requiring-registration