Users voting

I’m trying to work out the most reasonable way to keep track of users
“voting” for or against a particular bit of data. Obviously, I don’t
want them to be able to just bang on the link – I’d prefer to limit it
to one vote per day, for example.

I could record the fact that they’ve voted in the session, but I’d
really rather not have sessions for the portions of the site where
voting is relevant. This idea also seems fairly fragile.

So far, the best plan I have is to add a “votes” table that records an
ip address and a time stamp. Whenever a “vote” link is hit, the
controller could find and delete all records over 24 hous old, check the
current ip address against those left in the table, then record the vote
and ip address.

However, this seems a little involved.

Does anyone here have a better idea? How have you done it?

Thanks!

–Al Evans

“Al Evans” wrote:

I’m trying to work out the most reasonable way to keep track of users
“voting” for or against a particular bit of data. Obviously, I don’t
want them to be able to just bang on the link – I’d prefer to limit it
to one vote per day, for example.

I could record the fact that they’ve voted in the session, but I’d
really rather not have sessions for the portions of the site where
voting is relevant. This idea also seems fairly fragile.

I think limiting to one vote/session is doable, but what do you mean by
“fragile”?

So far, the best plan I have is to add a “votes” table that records an
ip address and a time stamp. Whenever a “vote” link is hit, the
controller could find and delete all records over 24 hous old, check the
current ip address against those left in the table, then record the vote
and ip address.

Keep in mind IP addresses are not necessarily unique (i.e. users behind
a firewall). This might be more problematic than using session.

Long

Another problem with limiting by IP address is that you could block a
number
of AOL users at once:

My initial speculation is that sessions really are the best way to go.
Resetting the session would require that the user delete the cookie file
in
his browser, which is probably enough of a hassle that most people
wouldn’t
be that motivated to do it, or know how to.

Or you could use a captcha, which raises the cost of voting over and
over.
And didn’t American Idol charge for votes at one point? Maybe you could
do
that :wink:

The real solution to this is to have users login so that you can
actually track them via an id. Of course, it looks like this is not a
option for you. :slight_smile:

Thanks a lot for the guidance.

It seems likely that all the solutions suck, one way or another.

So at this point, I’m just setting a “voted” cookie with some expiration
time, e.g., Time.now + 24.hours.

I figure that if cookies don’t work, sessions won’t work any better. And
since recording ip addresses seems useless, it seems to be as good a
technique as any.

If you want to blow big holes in that proposition, I’d consider it a
favor:-)

(Incidentally, re: “fragile” – what I meant was that a user can get a
new session just by exiting and restarting his browser.)

–Al Evans