On Mar 31, 2004, at 4:05 PM, Rob van Maris wrote:


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter Reitsma
Sent: Wednesday 31 March 2004 15:43
To: [EMAIL PROTECTED]
Subject: RE: Script kiddies and the MMBase poll

The impossibility of building a watertight accept cookie
detection lies in the impossibility to place a cookie on the
response and detect this cookie during the same request
(there is no such method like response.getCookie(), cookies
have to land on the browser first :).

It's not just that. The user can always clear the cookies after voting, so a cookie-based policy is always easy to tamper with.

Rob van Maris
Technical Consultant

A nice trick is not to fix it but to help them!! Make them think they have won.


The idea is: once you detect a second vote, create a few vars for that person
on the server side or in a cookie that keep the score for them and just return them. The
result is they think they are changing the poll (and see the result on the site), but that
result is only shown to them. After a while they feel happy and proud and stop. Most
will have no idea that the 'changed' score was just for them and everybody else has the
real results of the poll.


Daniel.
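
The per-voter score described in the last message, as an added example that is not code from the thread or from MMBase. The `ShadowPoll` class and the `voterKey` parameter are hypothetical; how a second vote is detected is left to the site.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Poll that shows repeat voters a private "shadow" tally; real counts stay untouched. */
public class ShadowPoll {
    private final Map<String, Integer> real = new HashMap<>();                 // what everyone else sees
    private final Map<String, Map<String, Integer>> shadow = new HashMap<>(); // extra votes per repeat voter
    private final Set<String> voted = new HashSet<>();

    /** voterKey is an assumption: whatever identifier the site's duplicate detection yields. */
    public synchronized Map<String, Integer> vote(String voterKey, String option) {
        if (voted.add(voterKey)) {
            // First vote from this key: it counts for real.
            real.merge(option, 1, Integer::sum);
        } else {
            // Repeat vote: only this voter's private tally moves.
            shadow.computeIfAbsent(voterKey, k -> new HashMap<>())
                  .merge(option, 1, Integer::sum);
        }
        return resultsFor(voterKey);
    }

    /** Real totals plus the caller's own shadow votes; other voters' shadow votes never leak in. */
    public synchronized Map<String, Integer> resultsFor(String voterKey) {
        Map<String, Integer> view = new HashMap<>(real);
        Map<String, Integer> extra = shadow.get(voterKey);
        if (extra != null) {
            extra.forEach((opt, n) -> view.merge(opt, n, Integer::sum));
        }
        return view;
    }

    public static void main(String[] args) {
        ShadowPoll poll = new ShadowPoll();
        poll.vote("alice", "yes");            // constructed sample voters
        poll.vote("bob", "no");
        for (int i = 0; i < 100; i++) {
            poll.vote("kiddie", "no");        // 1 real vote, 99 shadow votes
        }
        System.out.println("kiddie sees: " + poll.resultsFor("kiddie"));
        System.out.println("alice sees:  " + poll.resultsFor("alice"));
    }
}
```

Because the shadow votes are layered on top of the live totals, the repeat voter's view keeps moving as real votes arrive. If the voter key lives in a cookie, clearing it still yields a fresh key, which is the limitation raised earlier in the thread.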



