Using Cookies to Prevent Multiple Sends

I've got a polling system that sets a cookie on vote and then if the user votes twice it shouldn't record the vote again. I dont' see the problem with my code (below). Especially since it is setting things correctly as my JSP checks for an attempt to vote again and tells the user "Sorry you can only vote once" yet it still records it twice. I'm thinking it may have something to do with the view.forward but I'm not sure.

protected void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        String c = request.getParameter("usage");
        String ip = request.getRemoteAddr();
 
        VoteModel sv = new VoteModel();
        
        //Check to see if client voted already
        Cookie[] cookies = request.getKookies();
        if( cookies != null ) {
            for(int i = 0; i < cookies.length; i++) {
                Cookie cookie = cookies[i];
                if( cookie.getName().equals("vote") && cookie.getValue().equals("true"))  {
                    request.setAttribute("vote_again", "true"); 
                    int[] currentVotes = sv.CurrentVotes();
                    request.setAttribute("votes", currentVotes);
                    request.setAttribute("user_vote", c);
                    RequestDispatcher view = 
                    request.getRequestDispatcher("results.jsp");
                    view.forward(request, response);
                } 
            }
        }
        
        //they've haven't voted
        sv.Store(c, ip);
        //set a cookie to note that the user has voted
        Cookie voteCookie = new Cookie("vote", "true");
        voteCookie.setMaxAge(604800); //# of seconds in a week
        Cookie pollVersionCookie = new Cookie("poll_version", "1");
        voteCookie.setMaxAge(604800); //# of seconds in a week
        response.addCookie(voteCookie);
        response.addCookie(pollVersionCookie);
        request.setAttribute("vote_again", "false");
        int[] currentVotes = sv.CurrentVotes();
        request.setAttribute("votes", currentVotes);
        request.setAttribute("user_vote", c);
        RequestDispatcher view = 
        request.getRequestDispatcher("results.jsp");
        view.forward(request, response);
        
    }

and then my JSP results page:

[ August 08, 2006: Message edited by: Mike Spenser ]

Before diving into your cookie problem, you do realize that cookies, being a client-side mechanism, are not a very secure way to do what you are trying to do?

A temp cookie can be removed simpley by closing and re-opening the browser, and disk cookies are easily removed either through browser controls or by removing the cookie file from the disk.

If you want a more secure way of preventing voting fraud, you'll need a server-side solution.

This code:is executed unconditionally every time the servlet runs. And you're right, it's something to do with the view.forward. After you execute that, control carries right on to the code that stores the vote.

@Bear
Yes I realize that. However its just a poll. The two easiest to implement solutions would've been to either use cookies or use IP addresses. With IP addresses you are erring on the side of not allowing a vote, such as if someone from within a private network votes thus preventing anyone else from within that network from voting as I'm recording their public IP. While with a cookie you err on the side of letting them vote, because they may just have cookies blocked in which case the code never errors or they may clear them, or whatever. But for a poll it really doesn't matter. I still record their IPs just in case there is a case of abuse. And besides any system, client or server-side can be gotten around if the user really wants to. So if they want to invest the time and effort to make 2 votes go ahead.
------------------------------------------------------
is executed unconditionally every time the servlet runs. And you're right, it's something to do with the view.forward. After you execute that, control carries right on to the code that stores the vote.[/qb]<hr></blockquote>

How do I get around that? Or better phrased: How do I shortcircuit out after the view.forward call like I'm trying to do?
[ August 09, 2006: Message edited by: Mike Spenser ]

How do I get around that? Or better phrased: How do I shortcircuit out after the view.forward call like I'm trying to do?

How about a 'return;' statement inside the if loop after the view.forward() ?