Note: This guide describes Kentico CMS version 7. Unfortunately, we cannot support this guide from version 8 forward. Go to latest documentation

Skip to end of metadata
Go to start of metadata

When you include polls and content rating functionalities on your website, you usually want to assure, that each user can vote only once. This is very difficult or nearly impossible to achieve. You should keep in mind that there will always be users that will vote more than once and users who will not be allowed to vote at all. You can come across two known possible solutions to this problem:

  • Store a cookie in the users' browsers - this is the solution implemented by Kentico. The problem is that technically skilled users can overcome this protection. They can switch to different browsers or delete the particular cookie in their browsers and vote again.
  • Store the votes in the database with the users' IPs - the problem with this solution is that users and IP addresses are not mapped one to one. Many people share the same IP, for example in office buildings, and banning one user would ban the whole network in the building. Moreover, people can easily switch their IP addresses by moving between access points, using proxies or mobile devices.

There is also another solution, which is preferable to the previous two:

  • Allow only signed-in users to vote and store a flag in the database - you will have to ensure that users cannot easily create multiple accounts by, for example, manually approving registrations or by tying accounts to e-mail addresses. However, you will protect your voting systems, at least to a certain extent.

You should consider the level of protection the voting systems in your application require and implement your own solution if needed.

  • No labels