voting script question

I am using a simple voting script for a school project which sets a cookie on each user's machine to prevent multiple votes. My problem is that I suspect some of the users are "cheating" so to speak by setting their browsers to not accept cookies. So my 2 questions are: Is there a way to see who is doing this, particularly if a less than scrupulous user logs on at a public place such as a library and votes many times (this is what I expect is happening). The other question is what can be done to stop this. I am a web develloper and not a programmer so I have only a marginal understanding of cgi.
Who is Participating?
mouattsConnect With a Mentor Commented:
There is no fool proof way unless you go down the road of logins or certificates.

But how about this approach using two basic pages.
When they request pageA check and record a cookie (or its absense)
When you send out pageA also send a cookie varying the value based on whether one was recieve or not.
On PageA there will be a link to PageB were they actually vote.
When the request for PageB is recieved again check and record the cookie value.
Now finally when they vote record the cookie value, the time, there IP address and their user agent.
Send a thnks for voting page and adjust the cookies value again.

Having done all this you can determine if a cookie is actually receive at the voting stage whether they are attempting to undertake multiple votes without changing their cookies and can discard the vote.

Where you can't tell from the cookies if they have cheated you can now compare the time, ip address and user agent to see if it looks likely that they have cheated. IE if multiple votes are received within a particular time span for the same time period then discount them if the IP address is the same or the user agent.

Can I ask what kind of voting system this is?  Is this something to vote in a survey, or elect a candidate, etc?

One way to prevent multiple votes is to assign every eligible voter a login and password to the voting section of your website.  That way, you know exactly who voted.  Granted since you aren't a programmer, this isn't an easy task, but we can start somewhere and see how we can help you out.

I rarely rely on cookies to do anything, and I can see why you think people are cheating on the vote.  Some things we might need to know:

- Do you want one vote per person or one vote per machine?  Is there a difference?

- About how many voters will you have?

- What kind of server side technologies do you have available to you (ASP, Perl/CGI, etc..)?

kim4815Author Commented:
The system is suppose to pick the winner of various contests; and the problem I think is multiple voting by the contestants. Since people who don't attend the school are encouraged to vote, I think asking for a login and password is probably too much too ask. That being said, I would assume one vote per machine would be the simplest option. Usually the total number of votes is well under 1000. The source of my suspicion is when a sizeable block of votes come in for one particular participant all within a short period of time, like 5-10 minutes.
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

if all machies have fixed ip;s, then what you should do is maintain a db/list of all the ip;s that have already voted.
ip can be tracked by the environment variable like this...

$userIP = $ENV{'REMOTE_ADDR'};
kim4815Author Commented:
I did think about having a database to record ip's but don't most people have dynamic ips? If a person can vote; log off; then log back on with a fresh ip number, how does the database help?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.