Function to allow only one vote per piece of equipment

Viewed 791 times

2

I set up a simple polling system in which it is possible to vote only once per IP. However, it records the network IP and not the user’s computer, making it impossible for other equipment on the same network to vote. I have already searched on Google and found no alternative to remedy this problem. I would like your suggestion.

  • https://stackoverflow.com/questions/13646690/how-to-get-real-ip-visitor Reply here at stackoverflow

  • 2

    It is impossible to identify the "user machine", regardless of the language running on your server.

  • @Weessmith that is to try to solve problems with PROXY and not with equipment.

  • What is your suggestion then to allow a poll to be voted only once per computer.

  • 2

    @Guilhermenascimento I did not know it was impossible, so the most appropriate solution would be to use an identifier, such as a DDD phone number

  • 2

    @Eduardo, you could use a long-term cookie, but if the user clears the cookies he can bypass the system; there is no guaranteed solution.

  • Hmm, got it William, I’ll take a look at what I do then... thank you all.

  • Not to mention that the user can use another browser. Then that cookie will not be used. It is better to use an identifier (phone, RG, CPF), because even if the user does not have the cookie in that browser he will not be able to vote twice.

  • With PHP you can make use of some information obtained through $_SERVER['HTTP_USER_AGENT'], such as browser and browser version, and also $_SERVER['HTTP_ACCEPT_LANGUAGE'], in addition to Guilherme Nascimento’s tips. The more information you get, the closer you get to the desired result.

1 answer

2


It is impossible to differentiate two pieces of equipment that use the same network using only your website, regardless of the programming language you use on your server. There are still some alternatives, such as cookies, which however can be easily circumvented if the user clears the browsing data. Some suggestions follow:

Cookie / localStorage

The most you can do is create a cookie, or "maybe" use JavaScript localStorage, but that does not mean you will have guarantees against vote fraud, because the user can simply delete the cookies or the localStorage and that is it, he can vote again.

Vote via app

Another solution is to create an app, which will use another type of identification, such as the person’s mobile number. Of course, the votes could then only be made through the app, so no website, only a web service and a token for identification between client and server. This way it would be much more difficult for the user to circumvent.

Validate the vote

If you really want to do it via the web, a way to ensure that the vote is real is to validate it via other means, such as email, for example:

  • the voting person enters the email and selects the voting option
  • the server generates a single link that can only be used once
  • the server sends the link via email to the user who voted
  • the user opens the INBOX and clicks on the link
  • when the link is accessed, the server validates the vote and marks with some "flag" that the link has expired (it can all be done via the database)

This same technique could be used with validation via SMS; of course, this will depend on a service that sends and receives SMS.


Zombie cookie

A few years ago some big websites were accused of using a technique called zombie cookie, evercookie or persistent cookie (there were other names for it; if I remember I will edit). It is a technique with many variants, which usually consists of creating the cookie and using other aspects such as:

  • cache
  • create a temporary element on the page
  • ajax
  • localStorage / sessionStorage
  • embedded technologies such as flash or Silverlight

In other words, it recorded in several ways a simple reference that would serve as identification to regenerate the cookie if the user cleared all browsing data, so as long as the page was open, even if the data was cleared it was regenerated. Still, more advanced users knew well how to bypass it.

Understand that I am not telling you to make use of this and I will not even provide code for it; I am just commenting because the subject seems appropriate here, since the technique was created with a similar purpose.

This technique, although reasonably effective, is still controversial, and although in Brazil it may not lead to anything such as a lawsuit, the technique has been accused of violating the user’s privacy. Even Microsoft itself went through something like this by using a "cookie" to identify users, which was later disabled after the controversy.
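
The "Validate the vote" flow from the answer above, as an added example that is not part of the original answer: the server issues a single-use link token, stores only its hash, and flips the "used" flag atomically when the link is opened. The table and function names, the SQLite storage, the SHA-256 token hashing and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
import time

LINK_TTL = 3600  # seconds a confirmation link stays valid (assumed value)

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pending (token_hash TEXT PRIMARY KEY, email TEXT,
                              choice TEXT, expires REAL, used INTEGER DEFAULT 0);
        CREATE TABLE votes (email TEXT PRIMARY KEY, choice TEXT);
    """)
    return db

def _hash(token):
    # Store only a hash so a leaked table cannot be used to confirm votes.
    return hashlib.sha256(token.encode()).hexdigest()

def request_vote(db, email, choice, now=None):
    """Voter submits e-mail and option; returns the token to put in the link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable, one per request
    db.execute("INSERT INTO pending (token_hash, email, choice, expires) "
               "VALUES (?, ?, ?, ?)",
               (_hash(token), email.strip().lower(), choice, now + LINK_TTL))
    db.commit()
    return token  # a mailer (not shown) would send this inside the link

def confirm_vote(db, token, now=None):
    """Called when the link is opened; True only if the vote was counted."""
    now = time.time() if now is None else now
    # One UPDATE flips the flag only if the link is unused and unexpired,
    # so two simultaneous clicks cannot both succeed.
    cur = db.execute("UPDATE pending SET used = 1 "
                     "WHERE token_hash = ? AND used = 0 AND expires > ?",
                     (_hash(token), now))
    if cur.rowcount != 1:
        db.commit()
        return False
    email, choice = db.execute("SELECT email, choice FROM pending "
                               "WHERE token_hash = ?", (_hash(token),)).fetchone()
    # PRIMARY KEY on email: a second link for the same address is ignored.
    cur = db.execute("INSERT OR IGNORE INTO votes (email, choice) VALUES (?, ?)",
                     (email, choice))
    db.commit()
    return cur.rowcount == 1
```

This limits voting to one vote per mailbox rather than per machine, so a person who controls several addresses can still vote several times.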
