I run a contest website with 250,000 visitors a day, and the rules state you are allowed to vote once per day. I am basing whether they have voted or not on their IP address. Well, people are finding ways to get around this, using Proxy or Cell Phones, or simply shutting off and on their modem to generate a new dynamic IP address. Plus, people in corporations who share the same IP address are only allowed to vote once per Company, instead of once per person, so this is quickly becomming a poor method to ensure voting once per day.
Other methods I have considered are "cookies", but you can delete them to easily. Session variables, but they expire everytime you close the browser. CFID and CFTOKEN, but they change everytime you restart CF services, or restart the server.
I am considering making them login to vote, and authenticating their email address first. But even then, they could create 100 gmail accounts and thus 100 logins for my site.
Any other bullet proof ideas?
Secondly, CF is crashing a lot (2 or 3 times a day). I know it can handle 250,000 visitors a day. Are there any tuning recommendations you could make to keep it running 24/7? I'm using CF Standard 8.0.1 with the latest hotfix on Windows 2003 with IIS and all the latest updates. A Dell 2950 with 2 X Quad Core Xeon processors humming at about 30% usage at peak times. Java heap has 1024Mb assigned to the MAX value - JRUN using about 700Mb of that. 4Gb of ram and 2 x 15,000 RPM hard drives in RAID 1.
Absolutely guaranteed method - NO.
Let us know if you can find one...
You can assume: no cookie (containing date and time of last vote) == no vote today, make them persistent cookies and check last vote timestampt before enabling voteing...