www.jpgimage.co.uk/full.php?image=1212

As part of the usual measures to try and prevent multiple votes .

I added a timer so that only one vote (every 3 minutes) regardless if 
its the same user or not will be accepted .

The thinking being that unless its a really busy website - then most 
people wont know the difference - or even know its there .

The question being .....

Do you think a 3 minute time delay is about right - or do you think it 
should be set at less time or more time ? .

"Krustov" wrote...
> www.jpgimage.co.uk/full.php?image=1212
>
> As part of the usual measures to try and prevent multiple votes .
>
> I added a timer so that only one vote (every 3 minutes) regardless if
> its the same user or not will be accepted .
>
> The thinking being that unless its a really busy website - then most
> people wont know the difference - or even know its there .
>
> The question being .....
>
> Do you think a 3 minute time delay is about right - or do you think it
> should be set at less time or more time ? .
>

I assume you are not telling people that their vote is rejected?

I think only something like 30 seconds, or a little longer than it would 
take to get from 'vote received' back to the vote page would be apt. If 
someone is determined to multi-vote, they're not going to hang on 3 minutes 
just in case there's a gate, they'll just do it. Either that or the next 
time they go online, if it's a casual double vote.

-dE|_---

<uk.net.web.authoring>
<dE|_>
<Mon, 21 Jul 2008 16:07:57 +0100>
<YD1hk.17429$A42.7575@newsfe14.ams2>

> > The question being .....
> >
> > Do you think a 3 minute time delay is about right - or do you think it
> > should be set at less time or more time ? .
> >
> 
> I assume you are not telling people that their vote is rejected?

Those who ignore the wait x amount of seconds get shown this if they try 
to vote .

www.jpgimage.co.uk/full.php?image=1213

> I think only something like 30 seconds, or a little longer than it would 
> take to get from 'vote received' back to the vote page would be apt. If 
> someone is determined to multi-vote, they're not going to hang on 3 minutes 
> just in case there's a gate, they'll just do it. Either that or the next 
> time they go online, if it's a casual double vote.
> 

TMK their isnt a 100% perfect method to prevent multiple voting for this 
sort of thing - and the best anybody can do is slow them down a bit .


-- 
www.krustov.co.uk

<uk.net.web.authoring>
<Krustov>
<Mon, 21 Jul 2008 15:55:21 +0100>


> www.jpgimage.co.uk/full.php?image=1212
> 
> As part of the usual measures to try and prevent multiple votes .
> 
> I added a timer so that only one vote (every 3 minutes) regardless if 
> its the same user or not will be accepted .
> 

www.jpgimage.co.uk/full.php?image=1214

Theres also the standard image code thingy to annoy possbile abusers .


-- 
www.krustov.co.uk

<uk.net.web.authoring>
<Krustov>
<Mon, 21 Jul 2008 16:26:24 +0100>


> www.jpgimage.co.uk/full.php?image=1214
> 
> Theres also the standard image code thingy to annoy possbile abusers .
> 

www.jpgimage.co.uk/full.php?image=1215

But the clicking on the refresh icon after making a valid vote is 
probably the best :-)

Message-ID:  from
Krustov contained the following:

>As part of the usual measures to try and prevent multiple votes .
>
>I added a timer so that only one vote (every 3 minutes) regardless if 
>its the same user or not will be accepted .

Are you using sessions?  Setting a session variable will prevent
re-voting until the session expires  or unless they close and re-open
the browser.

-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk

<uk.net.web.authoring>
<Geoff Berrow>
<Mon, 21 Jul 2008 17:26:41 +0100>


> >As part of the usual measures to try and prevent multiple votes .
> >
> >I added a timer so that only one vote (every 3 minutes) regardless if 
> >its the same user or not will be accepted .
> 
> Are you using sessions?  Setting a session variable will prevent
> re-voting until the session expires  or unless they close and re-open
> the browser.
> 

I've never got around to learning sessions and use my own custom written 
methods instead .

But given that most users have more than one browser installed - then 
wouldnt they just need to fire up a different browser ? .


-- 
www.krustov.co.uk

Message-ID:  from
Krustov contained the following:

>> Are you using sessions?  Setting a session variable will prevent
>> re-voting until the session expires  or unless they close and re-open
>> the browser.
>> 
>
>I've never got around to learning sessions and use my own custom written 
>methods instead .
You should learn them.  Very useful.
>
>But given that most users have more than one browser installed - then 
>wouldnt they just need to fire up a different browser ? .

If they could be arsed I suppose.  Or wait 3 minutes.  Like you say, no
system is 100%   But I find sessions so much easier that writing to and
from files.


-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk

"Krustov" wrote...
>
>> > The question being .....
>> >
>> > Do you think a 3 minute time delay is about right - or do you think it
>> > should be set at less time or more time ? .
>> >
>>
>> I assume you are not telling people that their vote is rejected?
>
> Those who ignore the wait x amount of seconds get shown this if they try
> to vote .
>
> www.jpgimage.co.uk/full.php?image=1213
>
>> I think only something like 30 seconds, or a little longer than it would
>> take to get from 'vote received' back to the vote page would be apt. If
>> someone is determined to multi-vote, they're not going to hang on 3 
>> minutes
>> just in case there's a gate, they'll just do it. Either that or the next
>> time they go online, if it's a casual double vote.
>>
>
> TMK their isnt a 100% perfect method to prevent multiple voting for this
> sort of thing - and the best anybody can do is slow them down a bit .

I put my hands up, I hadn't looked at the first image to see that you were 
declaring this time gate, I assumed it was a background function. That is 
what my time length suggestion went by; long enough to silently ignore 
machine style voters only.

-dE|_---

"Krustov" asked...
>
>> >As part of the usual measures to try and prevent multiple votes .
>> >
>> >I added a timer so that only one vote (every 3 minutes) regardless if
>> >its the same user or not will be accepted .
>>
>> Are you using sessions?  Setting a session variable will prevent
>> re-voting until the session expires  or unless they close and re-open
>> the browser.
>>
>
> I've never got around to learning sessions and use my own custom written
> methods instead .
>
> But given that most users have more than one browser installed - then
> wouldnt they just need to fire up a different browser ? .

I know squat about sessions, but for future reference; wouldn't they just 
have to open a new tab?

-dE|_---

On Mon, 21 Jul 2008 15:55:21 +0100, Krustov wrote:

> www.jpgimage.co.uk/full.php?image=1212

http://www.jpgimage.co.uk/view.php?image=1197

"Krusty enjoyed his day out from the home"

Is there any difference between and ogre and a troll? :)

-- 
Andy Jacobs

Message-ID: <7j9hk.26525$CE1.2578@newsfe17.ams2> from dE|_ contained the
following:

>I know squat about sessions, but for future reference; wouldn't they just 
>have to open a new tab?

Can't speak for IE, but certainly not for Firefox.  The whole thing
needs to be closed down because the session ID is stored as a temporary
cookie in memory.

Sessions are great for log ins, storing contents of shopping carts, form
contents across multi page sets etc, etc
-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk

In message , Geoff Berrow 
 writes
>Message-ID: <7j9hk.26525$CE1.2578@newsfe17.ams2> from dE|_ contained the
>following:
>
>>I know squat about sessions, but for future reference; wouldn't they just
>>have to open a new tab?
>
>Can't speak for IE, but certainly not for Firefox.  The whole thing
>needs to be closed down because the session ID is stored as a temporary
>cookie in memory.

In FF you can delete the cookie from Tools, Options, Privacy, Show 
Cookies. No need to close FF.
-- 
Dominic Sexton

Message-ID: <GP6Jdme6$ZhIFwj7@nospam.demon.co.uk> from Dominic Sexton
contained the following:

>>Can't speak for IE, but certainly not for Firefox.  The whole thing
>>needs to be closed down because the session ID is stored as a temporary
>>cookie in memory.
>
>In FF you can delete the cookie from Tools, Options, Privacy, Show 
>Cookies. No need to close FF.

In any online voting system the best you can hope to do is slow people
down.  If the only tool you have is a hammer, then everything is a nail.
krusty knows how to write and read to files so he uses that for
everything.  So I imagine that's how he's storing these timeouts.  That
could get messy unless he's written a garbage collection routine, but is
probably slightly more effective than sessions for slowing people down
(assuming he's storing IP address, it probably takes more time to change
IP than to delete a cookie).

If I was doing it the timeout way, I'd use a database.

Going back to the original question, is three minutes long enough?  Well
probably, because IP is a blunt tool and you don't want to stop
legitimate users from voting.  But I would prevent the vote silently and
not do this www.jpgimage.co.uk/full.php?image=1213  It's just an
invitation to beat the system. You need to stop the duplicate but not
say how you are doing it.

-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk

"Geoff Berrow"  wrote in message 
news:j59b84prdf3bmkhfj1dslvi7lve73jf7cl@4ax.com...
> Message-ID: <GP6Jdme6$ZhIFwj7@nospam.demon.co.uk> from Dominic Sexton
> contained the following:
>
<snip>

>But I would prevent the vote silently and
> not do this www.jpgimage.co.uk/full.php?image=1213  It's just an
> invitation to beat the system. You need to stop the duplicate but not
> say how you are doing it.

I would not tell them *why* their vote didn't count, but I would tell them 
that their vote didn't count.  This will prevent users attempting to vote 
many times and thinking that each vote is counting.

+mrcakey
www.manchester-website-design.co.uk

<uk.net.web.authoring>
<Geoff Berrow>
<Tue, 22 Jul 2008 10:34:25 +0100>


> >In FF you can delete the cookie from Tools, Options, Privacy, Show 
> >Cookies. No need to close FF.
> 
> In any online voting system the best you can hope to do is slow people
> down.  If the only tool you have is a hammer, then everything is a nail.
> krusty knows how to write and read to files so he uses that for
> everything.

As flat files are the only thing i use - i'm quite good at using them .

> So I imagine that's how he's storing these timeouts.  That
> could get messy unless he's written a garbage collection routine, but is
> probably slightly more effective than sessions for slowing people down
> (assuming he's storing IP address, it probably takes more time to change
> IP than to delete a cookie).
> 

Its the same 3 minute delay for everybody & the ip address has nothing 
to do that particular timer check .


-- 
www.krustov.co.uk

<uk.net.web.authoring>
<+mrcakey>
<Tue, 22 Jul 2008 10:55:57 +0100>
<g64ard$284$1@news.albasani.net>

> >But I would prevent the vote silently and
> > not do this www.jpgimage.co.uk/full.php?image=1213  It's just an
> > invitation to beat the system. You need to stop the duplicate but not
> > say how you are doing it.
> 
> I would not tell them *why* their vote didn't count, but I would tell them 
> that their vote didn't count.  This will prevent users attempting to vote 
> many times and thinking that each vote is counting.
> 

IMHO a abuser will use the same techniques they always use regardless of 
what the message says .


-- 
www.krustov.co.uk

Message-ID:  from
Krustov contained the following:

>Its the same 3 minute delay for everybody & the ip address has nothing 
>to do that particular timer check .

What, you mean that if one person votes then no one can vote for three
minutes?

-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk

<uk.net.web.authoring>
<Geoff Berrow>
<Tue, 22 Jul 2008 14:08:09 +0100>


> >Its the same 3 minute delay for everybody & the ip address has nothing 
> >to do that particular timer check .
> 
> What, you mean that if one person votes then no one can vote for three
> minutes?
> 

Yep .

But as previously said - unless its a busy website - then most people 
wont know the difference as the 3 minute timer notice wont appear once 
the 3 minutes has elapsed .


-- 
www.krustov.co.uk