I''m trying to work out the most reasonable way to keep track of users "voting" for or against a particular bit of data. Obviously, I don''t want them to be able to just bang on the link -- I''d prefer to limit it to one vote per day, for example. I could record the fact that they''ve voted in the session, but I''d really rather not have sessions for the portions of the site where voting is relevant. This idea also seems fairly fragile. So far, the best plan I have is to add a "votes" table that records an ip address and a time stamp. Whenever a "vote" link is hit, the controller could find and delete all records over 24 hous old, check the current ip address against those left in the table, then record the vote and ip address. However, this seems a little involved. Does anyone here have a better idea? How have you done it? Thanks! --Al Evans -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
"Al Evans" wrote:> > I''m trying to work out the most reasonable way to keep track of users > "voting" for or against a particular bit of data. Obviously, I don''t > want them to be able to just bang on the link -- I''d prefer to limit it > to one vote per day, for example. > > I could record the fact that they''ve voted in the session, but I''d > really rather not have sessions for the portions of the site where > voting is relevant. This idea also seems fairly fragile. >I think limiting to one vote/session is doable, but what do you mean by "fragile"?> So far, the best plan I have is to add a "votes" table that records an > ip address and a time stamp. Whenever a "vote" link is hit, the > controller could find and delete all records over 24 hous old, check the > current ip address against those left in the table, then record the vote > and ip address. >Keep in mind IP addresses are not necessarily unique (i.e. users behind a firewall). This might be more problematic than using session. Long --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Another problem with limiting by IP address is that you could block a number of AOL users at once: http://en.wikipedia.org/wiki/WP:AOLIP#Blocking_AOL_users My initial speculation is that sessions really are the best way to go. Resetting the session would require that the user delete the cookie file in his browser, which is probably enough of a hassle that most people wouldn''t be *that* motivated to do it, or know how to. Or you could use a captcha, which raises the cost of voting over and over. And didn''t American Idol charge for votes at one point? Maybe you could do that ;) On Tuesday 29 August 2006 15:09, Long wrote:> "Al Evans" wrote: > > I''m trying to work out the most reasonable way to keep track of users > > "voting" for or against a particular bit of data. Obviously, I don''t > > want them to be able to just bang on the link -- I''d prefer to limit it > > to one vote per day, for example. > > > > I could record the fact that they''ve voted in the session, but I''d > > really rather not have sessions for the portions of the site where > > voting is relevant. This idea also seems fairly fragile. > > I think limiting to one vote/session is doable, but what do you mean by > "fragile"? > > > So far, the best plan I have is to add a "votes" table that records an > > ip address and a time stamp. Whenever a "vote" link is hit, the > > controller could find and delete all records over 24 hous old, check the > > current ip address against those left in the table, then record the vote > > and ip address. > > Keep in mind IP addresses are not necessarily unique (i.e. users behind > a firewall). This might be more problematic than using session. > > Long > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Thanks a lot for the guidance. It seems likely that all the solutions suck, one way or another. So at this point, I''m just setting a "voted" cookie with some expiration time, e.g., Time.now + 24.hours. I figure that if cookies don''t work, sessions won''t work any better. And since recording ip addresses seems useless, it seems to be as good a technique as any. If you want to blow big holes in that proposition, I''d consider it a favor:-) (Incidentally, re: "fragile" -- what I meant was that a user can get a new session just by exiting and restarting his browser.) --Al Evans -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
The real solution to this is to have users login so that you can actually track them via an id. Of course, it looks like this is not a option for you. :) -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---