基于IP或Cookie限制用户活动? [英] Restrict User Activity Based on IP or on Cookie?
问题描述
我正在开发一个PHP脚本,允许用户对某些项目进行投票。任何用户是否登录都可以投票。请考虑以下情况:
I am working on a PHP script that allows users to vote on certain items. Any user whether logged in or not can vote. Consider the following cases:
- 如果用户已登录,我可以记录用户的ID,并且可以限制对同一项目的投票,如果他尝试再次投票。
- 如果用户未登录,我可以记录用户的IP,并限制对来自同一IP的同一项目的投票。
如果是第一种情况,则无需记录IP。现在,第二个案件让我疯了,有点儿。我想知道用户可能正在更改IP,然后再次对同一项目进行投票。现在,即使我使用Cookie或会话变量,也可能发生用户正在开始新会话(或已删除cookie)以再次对同一项目进行投票。
If it's the first case, there's no need to log the IP. Now, the second case is driving me nuts, sort of. I was wondering that it may happen that the user may be changing IP, and then votes again on the same item. Now, even if I use Cookies or Session vars, it may also happen that the user is starting a new session (or has deleted the cookies) to vote on the same item again.
我错过了什么吗?如果没有,如何处理这种情况?有什么想法?
Am I missing something? If not, how to handle such situations? Any thoughts?
推荐答案
我会认真考虑使用Captcha,reCaptcha是个不错的选择。
I would seriously consider use a Captcha, reCaptcha is a good choice.
您可以通过IP地址进行限制,但可以让许多人共享1个IP地址,例如小型学校或企业。它也很容易绕过因为代理是免费的和充足的。它也容易出错,因为有时负载均衡器会在会话期间更改IP地址。如果你真的想限制每人的投票数量,你最好的办法是要求他们登录用户账户并将投票存储在你的数据库中。
You could restrict by IP address, but its possible for a number of people to share 1 ip address, such as a small school or business. Its also trivial to bypass because proxies are free and plentiful. Its also error prone because sometimes a load balancer will change the IP address during a session. If you really want to limit the number of vote per person your best bet is to require them to login to a user account and store the votes in your database.
这篇关于基于IP或Cookie限制用户活动?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!