0

I'm making a survey site and I'm trying my hardest to avoid user logins - I want people who answer my surveys to be anonymous members of my university, who open a link and answer the questions directly. So I'm tracking questions/surveys finished by the user through session variables

But what I don't want is one user submitting tens of questions/surveys by clearing cookies and thus effectively resetting his/her sessions. Anyone know how to deal with this?

(If anyone thinks of other ways by which people can make multiple submissions, let me know that too! I'm also looking at articles to prevent same users using different browsers)

populi
  • 23
  • 6

1 Answers1

0

Never trust the user. Ever.

You have a few options. All have pros/cons

  1. By IP address - limit responses to 1 IP address per computer. This suffers from dynamics IP address problems as well as only response is allowed per computer that holds its IP for long periods
  2. Send single use response token - Send every respondent a unique link. Each link contains a single-use token that may be redeemed to take one survey.
  3. Collect their email address - Redact this information in the results. I'm not sure of your setup, but I thought I'd mention this in case you're just the data middle-man
Andy Jones
  • 6,205
  • 4
  • 31
  • 47
  • So I guess I can identify users with both IP and Session-ID (if either changes, I can assume the other is the more reliable identifier of the user). but, do you have any suggestions on when both session AND IP change? (I don't expect to fully identify users without them signing up, I would be going against the tide of efforts for internet anonymity - but I want to minimize duplications as much as possible) – populi Nov 24 '13 at 20:33