Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Individual users can vote multiple times for a single question #1

Open
kevinharvey opened this issue Jan 18, 2013 · 5 comments
Open
Assignees

Comments

@kevinharvey
Copy link
Owner

That's not how democracy works! Users should not be able to vote repeatedly for the same question.

@ghost ghost assigned kevinharvey Jan 18, 2013
@garromark
Copy link
Contributor

Thanks for the presentation. I've never done a fork, edit, and merge request and would appreciate being able to try. Do you suggest we get this to work by saving IP along with the vote? The only issue I can see is if multiple computers are running from the same venue and thus the same wireless router, which would likely them the same external IP address. This is a non-trivial matter since you're using this app during presentations. Do you have a different suggestion for how this should be done? (Email registration/validation seems like another alternative, but seems troublesome for a quick demo.)

We could also do some sort of session-based solution (i.e. 1 vote per session), which isn't perfect, since you could write a script that clears your session, or simply refuses to keep a cookie jar, and visits the up vote link multiple times. However, if you aren't worried about people writing bots as exploits, this seems like a relatively simple solution without having to involve a registration process.

@garromark
Copy link
Contributor

A single Captcha per session would help prevent botting.

@kevinharvey
Copy link
Owner Author

I like your session idea, for a few reasons:

  1. It's the simplest solution that will address this bug
  2. The 'bot' problem is real, but I'd think it's another ticket
  3. This project is really about showcasing TDD, so the real power would be in the test that shows this bug

I think the steps are:

  1. Write a functional test (or extend the current "Isabella" one) that will fail if you successfully vote on the same question twice
  2. Modify the view to check for a session variable "voted_on_", and set it if if it hasn't been created

We could maybe disable to link if that variable is set? Display an error message if you try voting twice? What do you think?

Thanks so much for jumping in, BTW!

@kevinharvey
Copy link
Owner Author

Yeah, a Captcha just to get in. Would be a good solution for a bot ticket.

@garromark
Copy link
Contributor

I'll work on the test first. Should I do a pull request only after a test was written and a solution made for it. But I might paste a link the the push here so I can get feedback on it.

Thanks for helping!

You're right about keeping a separate ticket for botting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants