Some light security on a voting web site

I’m creating a site where a profile can be voted on by guest users.

I want to prevent basic fraud by disallowing multiple votes for the
same profile in one session.

I was thinking about using a session array and checking for the
profile ID in the session array.

So far, it’s not working correctly and I’m not even sure if this is
the best approach.

Any ideas?

I’m open to new ideas, or at least debugging on my code:

unless session[:voted_user_ids]
  session[:voted_user_ids] =

unless session[:voted_user_ids].include? params[:voted_user_id]
@vote = Vote.create(…)
session[:voted_user_ids].push params[:vosted_user_id]


You could take a look at

On Mar 31, 2009, at 11:03 AM, Andy wrote:

the best approach.
@vote = Vote.create(…)
session[:voted_user_ids].push params[:vosted_user_id]

If that’s your exact code, it’s not working cause you have
“vosted_user_id” (see that extra ‘s’) in one of your lines…

Also you can replace your first three lines with:

session[:voted_user_ids] ||= []


This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs