How can I track a unique user in PHP? (Prevent user from voting more than once) (Please read details for the complications)

Question

I want to keep track of a user so they don't vote twice in a poll. I don't want to use an IP address because the application I'm creating is targeted towards a campus and many people will have the same IP address because the wireless network uses NAT. Also, I don't want to use cookies or Session ID because those can easily be deleted.

How can I do this? Or am I out of luck?

I've looked at this question: How to identify unique user?. There are some answers that say that browser fingerprinting could be a way that Urban Dictionary prevents multiple votes. How would I accomplish this?

EDIT: One thing I certainly can't have in this application is user login. It defeats the purpose of the app.

The only way todo this is to implement a user system where only logged in users can vote — Lawrence Cherone, Feb 26 '12 at 14:01
possible duplicate of [How to identify unique user?](http://stackoverflow.com/questions/2495749/how-to-identify-unique-user) — Your Common Sense, Feb 26 '12 at 14:01
And how do you prevent an user from creating more than one account? Or having multiple browsers on their computer? Or having multiple computers? The only way I can see is to only allow polling from physically secure stations and then doing some sort of finger print/photo id/or maybe dna testing. — Cerad, Feb 26 '12 at 14:36

score 2 · Answer 1 · answered Feb 26 '12 at 14:03

I'm going to assume browser fingerprinting is reading the user agent string, which is not reliable as the user agent string can be changed in most browsers these days.

If you're wanting to uniquely identify a user, then only allow voting by logged in users, and if it's targeting to a campus only then all students will have an email address, i.e. first.last@schoolname.sch.uk or whatever your domain is.

score 0 · Answer 2 · answered Feb 26 '12 at 14:06

Individual techniques may not be powerful enough, but combined, they could be very useful. For example, you could say:

if IP is the same AND browser is the same AND operating system is the same OR cookies are present

Then disallow voting. Obviously, There are many more techniques that could be used in conjunction with this (such as browser fingerprinting).

Another option would be to simply require users to be logged in to vote, and ensure that each has a distinct email address.

Not sure why this was downvoted, it's a reasonable solution. — rorymorris89, Jan 20 '17 at 15:22

How can I track a unique user in PHP? (Prevent user from voting more than once) (Please read details for the complications)

2 Answers2