Forum: Ruby on Rails some light security on a voting web site

Andy (Guest)
on 2009-03-31 22:04
(Received via mailing list)
I'm creating a site where a profile can be voted on by guest users.

I want to prevent basic fraud by disallowing multiple votes for the
same profile in one session.

I was thinking about using a session array and checking for the
profile ID in the session array.

So far, it's not working correctly and I'm not even sure if this is
the best approach.

Any ideas?

I'm open to new ideas, or at least debugging on my code:

    unless session[:voted_user_ids]
      session[:voted_user_ids] = Array.new
    end

    unless session[:voted_user_ids].include? params[:voted_user_id]
      @vote = Vote.create(...)
      session[:voted_user_ids].push params[:vosted_user_id]
    end

Thanks,
Andy
Philip H. (Guest)
on 2009-03-31 22:16
(Received via mailing list)
On Mar 31, 2009, at 11:03 AM, Andy wrote:

> the best approach.
>    @vote = Vote.create(...)
>    session[:voted_user_ids].push params[:vosted_user_id]
> end

If that's your exact code, it's not working because you have
"vosted_user_id" (see that extra 's') in one of your lines...

Also you can replace your first three lines with:

    session[:voted_user_ids] ||= []

-philip
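
The check discussed in this thread, as an added example that is not part of the original posts: it replays the same requests through the logic as posted and through a corrected version. Plain Hashes stand in for Rails' `session` and `params`, a `votes` array stands in for `Vote.create(...)`, and the method names and sample requests are constructed for illustration.

```ruby
# Plain-Ruby sketch: Hashes stand in for Rails' session and params, and
# `votes` is a constructed in-memory list standing in for Vote.create(...).

# Logic as posted: the push reads the misspelled key, so nil is stored
# and include? never finds the profile id on the next request.
def vote_as_posted(session, params, votes)
  session[:voted_user_ids] ||= []
  return false if session[:voted_user_ids].include?(params[:voted_user_id])
  votes << params[:voted_user_id]
  session[:voted_user_ids].push(params[:vosted_user_id])
  true
end

# Corrected: one key for both the check and the push. The id is normalized
# with to_s so "42" from a form and 42 from code count as the same profile.
def vote_once(session, params, votes)
  id = params[:voted_user_id].to_s
  return false if id.empty?            # no profile id, nothing to record
  session[:voted_user_ids] ||= []
  return false if session[:voted_user_ids].include?(id)
  votes << id
  session[:voted_user_ids] << id
  true
end

# Replay constructed requests against one session; return accepted votes.
def replay(handler, requests)
  session = {}
  votes = []
  requests.each { |params| send(handler, session, params, votes) }
  votes
end

# Constructed sample: three votes for profile 42, one for profile 7.
REQUESTS = [
  { voted_user_id: "42" },
  { voted_user_id: "42" },
  { voted_user_id: 42 },
  { voted_user_id: "7" }
].freeze

puts "as posted: #{replay(:vote_as_posted, REQUESTS).inspect}"
puts "corrected: #{replay(:vote_once, REQUESTS).inspect}"
```

The list lives in the session, so it only covers repeat votes within one session, which is the scope the question sets.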
Rick (Guest)
on 2009-04-01 03:52
(Received via mailing list)
You could take a look at http://blog.peteonrails.com/vote-fu/