If you want to avoid cookies (my anti-virus program deletes my cookies), and avoid cheating, I would store/check if the IP has been used before, by storing them into a database. Session, no. Just go to a different website, and come back, you could vote again. If you do go the IP/Database route, do the databse logic in the application config file, application_start. Or, you could just add it in the actual webpage/control. BTW, does anyone reccomend the app.config solution, or do you think it is to taxing?
Ah yes, I forgot about dynamic IP’s. You could use e-mail address, but then you can make up e-mail addresses on-the-fly. Unless you made the voter validate the poll through an e-mail that has a link to validate the vote, but that would be like killing a fly with a bazooka.
Your right however, nothing is full-proof, it is the internet.
Ya I had considered the IP route. My only concern was eliminating many people using the same IP. A good portion of the target audience will be college aged students. By using an IP method I could potentially block out many on campus students who are connected to the same local router/network. I hadn’t considered the email idea, but thats even easier to fake than an ip and if I force users to confirm email addresses that is the same as becoming a registered user. At that point the current problem wouldn’t exist because there wouldn’t be such thing as an anonymous user.
Try what I suggested maybe. Using their IP address and hostname to validate them. And hopefully 2 PCs will not have the same name on the same IP. But if they are really going to go through all the trouble of changing their computer name, just to vote again, then I dnt no. lol