permanent session

Anon

Dear All,
I am building a pooling site using PHP 3.0. I am wondering how to make a cookie permanent so nobody can vote twice.
Right now the cookies I set stay in the browser as long as it's open.
Is there a way to make this permanent ? Or maybe is there any other way instead of using cookies to make stuff like this ?
Any advice would be much appreciated.
Thanks in advance,
Kiky

Anon

The answer depends on how secure and correct your
polling needs to be. Using cookies is unlikely to be
secure enough for any need, if by "using cookies"
you mean that you create a cookie that will somehow
identify a repeat visitor to your voting page.

This is fairly useless for many reasons:
<ul><li>Users can delete their cookie files and vote again.
<li>Users can connect from a different PC and vote again.
<li>Users can install a different browser and vote again.
<li>A different user coming to a PC where someone else already voted may be incorrectly prohibited from voting</ul>

I'm sure you can think of more...

Even the most secure login system, while it would be an improvement
over the cookie scenario, still has the problem of how do you prevent
people who have already voted (i.e. already have a login identity on
your system) from simply creating a whole new identity? I don't have
a good answer for this--my own professional attention recently has
been directed to ecommerce issues, where we don't care <i>one iota</i>
how many different credit cards you have, as long as any particular
one is valid at the moment you present it for payment. :-)

Anon

You need to set an expiration date for your cookie so that it doesn't end at the end of the browser session. Using the setcookie() function in PHP you can set it up like so:

setcookie('cookiename','cookievalue',(time()+2592000),'/','',0);

This cookie would expire in one month. You just need to change the time to whenever you want it to expire. You can also replace (time()+2592000) to "-1" and this should set the cookie to never expire if you don't want them to ever be able to vote again.

Troy

Anon

Thank you for replying.
Suppose, like you said, I set the cookie for one month, does it mean that the cookie will remain in the browser even after the user close the browser ?

Kiky

Anon

Thank your for your reply.
Since not all people like cookie in their computer, is there any other way instead of using cookies to make stuff like this in PHP ?
Kiky

Anon

Yes they would not be able to vote until after 30 days, which is when the cookie expires unless you put the date to never expire as I talked about in the earlier post.

If your just trying to setup a simple voting script then using cookies is probably going to be your best bet. As Kirk mentioned though if someone clears out their cache and removes the cookies off their system they would be able to vote as much as they want on your site.

One other solution would be user authentication with a database. Each user could have a username and password assigned to them to vote. After they voted you could flag their record in the database that they have voted. If they were to come back and try to vote again using their username and password you could check their record to see if they have voted before. If so then you could deny them the ability to vote.

Troy

Anon

The problem is you are asking the wrong question.
No one can give you some simple pointers toward
an effective technique to do what you want,
because the very concept of what you want is
extremely problematic if not outright impossible
with today's internet.

Your requirements are much harder than just
creating a secure site login, which basically
answers the question, Given that someone
created an account on our site once with
a given unique name and (securely-handled)
password, how likely is it that a subsequent
presentation of that name+password is actually
being given by the same individual?

The question you appear to be wanting to solve,
which is many orders of magnitude harder, is
this: given two different combinations of name+
password, how can we detect if these actually
represent interactions with <b>the same human
individual</b>?