• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Using Cookies to Prevent Multiple Sends

 
Mike Spenser
Greenhorn
Posts: 21
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've got a polling system that sets a cookie on vote and then if the user votes twice it shouldn't record the vote again. I dont' see the problem with my code (below). Especially since it is setting things correctly as my JSP checks for an attempt to vote again and tells the user "Sorry you can only vote once" yet it still records it twice. I'm thinking it may have something to do with the view.forward but I'm not sure.



and then my JSP results page:


[ August 08, 2006: Message edited by: Mike Spenser ]
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64175
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Before diving into your cookie problem, you do realize that cookies, being a client-side mechanism, are not a very secure way to do what you are trying to do?

A temp cookie can be removed simpley by closing and re-opening the browser, and disk cookies are easily removed either through browser controls or by removing the cookie file from the disk.

If you want a more secure way of preventing voting fraud, you'll need a server-side solution.
 
Paul Clapham
Sheriff
Pie
Posts: 20169
24
MySQL Database
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This code:is executed unconditionally every time the servlet runs. And you're right, it's something to do with the view.forward. After you execute that, control carries right on to the code that stores the vote.
 
Mike Spenser
Greenhorn
Posts: 21
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Bear
Yes I realize that. However its just a poll. The two easiest to implement solutions would've been to either use cookies or use IP addresses. With IP addresses you are erring on the side of not allowing a vote, such as if someone from within a private network votes thus preventing anyone else from within that network from voting as I'm recording their public IP. While with a cookie you err on the side of letting them vote, because they may just have cookies blocked in which case the code never errors or they may clear them, or whatever. But for a poll it really doesn't matter. I still record their IPs just in case there is a case of abuse. And besides any system, client or server-side can be gotten around if the user really wants to. So if they want to invest the time and effort to make 2 votes go ahead.
------------------------------------------------------
is executed unconditionally every time the servlet runs. And you're right, it's something to do with the view.forward. After you execute that, control carries right on to the code that stores the vote.[/qb]<hr></blockquote>

How do I get around that? Or better phrased: How do I shortcircuit out after the view.forward call like I'm trying to do?
[ August 09, 2006: Message edited by: Mike Spenser ]
 
Arvind Sampath
Ranch Hand
Posts: 144
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How do I get around that? Or better phrased: How do I shortcircuit out after the view.forward call like I'm trying to do?


How about a 'return;' statement inside the if loop after the view.forward() ?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic