5

It is easiest to describe my problem with a working example: even if you are not logged in, YouTube remembers what you have watched, and next time gives you suggestions based on previously watched movies.

My site is similar in a way: the users can vote on articles without logging in, and the site remembers votes with cookies. I have figured out a working method, but there has to be an easier way - also now the DB usage is anything but optimized.

For every visitor there is a check if he has the cookies. If yes, I query his votes. If not, I create a dummy user and send him out the cookies. Now I store this user's "last_visit" timestamp. After this everything is the same for both users. My problem is that my DB is filling up with dummy users, so I made my cookies expire in 3 months, and my site regularly checks which users didn't visit my site in the last 3 months and deletes them from the DB.

I know I overcomplicated this, but my vote system is using AJAX, and I couldn't find a method to send out a cookie (and create the dummy user) only if a vote happens and not every time a simple visitor browses my site - without vote.

Also a note: I insist on using cookies - I know it would be easier to store IPs when a vote happens, but there are schools and businesses using the same IP, and I would like to allow their users to use my site.

What did I miss here? How can this be optimized?

ZTefter

1 Answer

1

if they do not hold a permanent account, why store anything related to them in the database at all? just record their prior votes in the cookie. you would also store overall votes in the db, but anonymously, and not relate these to "users" at all.

dqhendricks
  • I should have mentioned this: my site gives suggestions based on votes, like: "who voted on this also voted on these", so I have to connect the votes in the DB somehow. Currently I use users for this (dummies or real users). – ZTefter Feb 17 '12 at 18:34
  • 1
    @ZTefter Got it. A little trickier. You could still record who voted for what by a random hash or something stored in the cookie. Just attach the hash to the vote records, but don't actually create user records. – dqhendricks Feb 17 '12 at 18:38
  • Ok, thank you, I think I'll try this. But I'm still stuck at the cookie creating part. The voting is a javascript AJAX function, which calls a PHP file with parameters. So theoretically this PHP should create the cookie, that would be the best, but I couldn't achieve this. Is it actually possible? Is this the correct way to do this? – ZTefter Feb 17 '12 at 19:31
  • @ZTefter If you are using AJAX, you would probably want to create the hash and the cookie with javascript, then simply send the info to PHP for saving. – dqhendricks Feb 17 '12 at 19:35
  • I thought about that, but I didn't want to make it visible for everyone how my hash is generated (since the JS code is visible for everyone) - I found it as a security hole. Also when I generate the hash it has to be unique (to separate the votes) so I have to make DB calls to see if there is a same hash, which needs PHP. – ZTefter Feb 17 '12 at 19:48
  • @ZTefter I don't see how people knowing how the random hash is created would affect security, its only purpose is to uniquely identify an anonymous user. it would not allow access to any privileged information. if you are worried however, have PHP generate the hash, return the hash to javascript, then have javascript create the cookie with the hash. as for finding out whether there are duplicate hashes already in the db, well there should be assuming the user has voted before, so i'm not sure how you are going to do this without creating a separate table. – dqhendricks Feb 17 '12 at 19:58
  • @ZTefter you could have a table set up purely for creating unique ids. it would only have one auto increment field. if the user doesn't already have an id, you get one from the db, and use it in their cookie/votes. no hashing or random id generating required, but you do then have to make an extra db call. – dqhendricks Feb 17 '12 at 20:00
  • @ZTefter the reason for creating the cookie client side is because creating a cookie PHP side will not allow for the cookie to be read by javascript until a new page is loaded. – dqhendricks Feb 17 '12 at 20:06
  • Thanks for helping, I have finally made it. Now it still creates users, but only when a vote happens - I have found a way to call the JS, which passes the parameters to the PHP, and then that PHP creates the hash, the user and sends out the cookie. – ZTefter Feb 18 '12 at 09:34
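
The approach the thread converges on (an identifier created by PHP only when a vote arrives, attached to the vote rows with no user record), as an added example that is not code from either poster. The cookie name `voter_token`, the `votes` table, the `article_id` POST field and the SQLite file are assumptions made for illustration.

```php
<?php
// Added example; voter_token, the votes table and the article_id POST field
// are assumed names. SQLite is used only to keep the sketch self-contained.
declare(strict_types=1);

const COOKIE_NAME = 'voter_token';
const COOKIE_TTL  = 90 * 24 * 3600; // roughly the 3 months from the question

// The cookie is client-controlled: accept only the exact format issued below.
function existingToken(array $cookies): ?string
{
    $t = $cookies[COOKIE_NAME] ?? null;
    return (is_string($t) && preg_match('/\A[0-9a-f]{32}\z/', $t) === 1) ? $t : null;
}

// 128 bits from the CSPRNG: unguessable, and collisions are negligible, so no
// "does this id already exist?" query and no secret generation scheme is needed.
function newToken(): string
{
    return bin2hex(random_bytes(16));
}

// One vote per (token, article); returns false when this token already voted.
function recordVote(PDO $db, string $token, int $articleId): bool
{
    $stmt = $db->prepare('INSERT OR IGNORE INTO votes (voter_token, article_id) VALUES (?, ?)');
    $stmt->execute([$token, $articleId]);
    return $stmt->rowCount() === 1;
}

// --- body of the PHP file the AJAX vote call posts to ---
$articleId = filter_input(INPUT_POST, 'article_id', FILTER_VALIDATE_INT);
if (!is_int($articleId)) {
    http_response_code(400);
    exit;
}
$db = new PDO('sqlite:' . __DIR__ . '/votes.sqlite');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE IF NOT EXISTS votes (voter_token TEXT NOT NULL,
    article_id INTEGER NOT NULL, PRIMARY KEY (voter_token, article_id))');

$token = existingToken($_COOKIE) ?? newToken();
// Sent with the AJAX response; the browser stores it and returns it on later
// requests, so script never has to read it (HttpOnly). Needs PHP >= 7.3 and HTTPS.
setcookie(COOKIE_NAME, $token, ['expires' => time() + COOKIE_TTL, 'path' => '/',
    'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

header('Content-Type: application/json');
echo json_encode(['counted' => recordVote($db, $token, $articleId)]);
```

The "who voted on this also voted on these" suggestion then becomes a self-join of `votes` on `voter_token`, and the cleanup job deletes stale vote rows rather than dummy users.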