I'm trying to work out the most reasonable way to keep track of users
"voting" for or against a particular bit of data. Obviously, I don't
want them to be able to just bang on the link -- I'd prefer to limit it
to one vote per day, for example.
I could record the fact that they've voted in the session, but I'd
really rather not have sessions for the portions of the site where
voting is relevant. This idea also seems fairly fragile.
I think limiting to one vote/session is doable, but what do you mean by
"fragile"?
So far, the best plan I have is to add a "votes" table that records an
ip address and a time stamp. Whenever a "vote" link is hit, the
controller could find and delete all records over 24 hous old, check the
current ip address against those left in the table, then record the vote
and ip address.
Keep in mind IP addresses are not necessarily unique (i.e. users behind
a firewall). This might be more problematic than using session.
Another problem with limiting by IP address is that you could block a number
of AOL users at once:
My initial speculation is that sessions really are the best way to go.
Resetting the session would require that the user delete the cookie file in
his browser, which is probably enough of a hassle that most people wouldn't
be *that* motivated to do it, or know how to.
Or you could use a captcha, which raises the cost of voting over and over.
And didn't American Idol charge for votes at one point? Maybe you could do
that
