A reader Aaron J. writes in response to the short article How to obtain the IP address of the current user:
Do you have any advice on how I can take this a step further? I am looking to limit a given user to one vote per session but I'm not sure how to achieve this. I'd appreciate any help you can offer. Thanks for your time.
Good question, Aaron. Remember that a session is simply tied to your browser cookie, so if we allow one vote per session, all the user has to do is clear their cookies and then vote again. And again. And again! So I think what you mean is how do we allow only one vote per IP address? To enforce that, we'll need to save a list of the IP addresses that have already sent us a vote. And before we record a vote, we need to make sure their IP address isn't already on that list. Further, we should remember which poll number they have voted in so we can have more than one poll in our application. We're going to need a simple table:
For simplicity of this example, we'll put all of our logic in the controller. (I won't show the VoteLog model class because it's empty.)
Just keep in mind this approach might not be appropriate in all situations. Due to Network Address Translation (NAT) firewalls, many thousands of people will appear to have the same client_ip. This is particularly true in corporate environments. If that's a concern, you'll need to go with a full-blown registered-user approach.
How to obtain the IP address of the current user
Feedback and Article Ideas
Want to see a topic explored here? Send Me a Message.