Posted by Mladen Gogala on 09/03/05 05:54

On Sat, 03 Sep 2005 12:35:30 +1200, windandwaves wrote:

> I thought about using the session ID as a unique identifier, what do you
> think?

You should either allow voting only to the registered users or create a
cookie with setcookie() and refuse to allow voting if the corresponding
$_COOKIE is set. Of course, nothing will prevent the user from cleaning
the cookies in his browser or voting by LWP, which will give the user
the full control over his cookies and cream.
That is the benefit of allowing only registered users to vote. I have to
confess that I once rigged a poll like that using Perl and LWP and that
the winning option won with 100 times as many votes as there were possible
voters. Of course, the poll was cookie based. If your goal is to discover
hidden Perl programming talents, cookie-based polls are the way to go. If,
on the other hand, you want a realistic poll, then you can allow voting
only to the registered users and insert the voting record into a database
table with username as the primary key. Primary key disallows duplicates,
so an attempt to vote early and vote often will inevitably fail. That
means that everything is server controlled and nothing is left for
practicing scripting skills on the client side. That type of polls is
boring and realistic.

--
http://www.mgogala.com

[Back to original message]