Forgot to send to list. ---------- Forwarded message ---------- From: Ian <barnracoon@xxxxxxxxx> Date: Wed, Feb 18, 2009 at 11:12 AM Subject: Re: Re: Unique User Hashes To: Colin Guthrie <gmane@xxxxxxxxxxxxxx> 'Twas brillig, and Ian at 18/02/09 07:09 did gyre and gimble: > >> We dont have registration - its a once off vote anonymously using the hash >> in the original email. We dont want registration otherwise it would be >> much >> easier - but this was the best way I could think of without user >> registration :/ >> > > Do you have to invite people to vote or can anyone come along and cast? > > If the former you could email a UUID token to them or similar as part of > the link. Once that UUID was "spent" it wouldn't allow voting again. > > I say UUID as a regular auto-incrementing id would be fairly easy to guess > ;) > > Of course this may not be appropriate in this circumstance. > > Col > > Unfortunately its anyone can come along and vote - no email inviting :/ If you've already sent them an email with a hash in it, can you do something > like: > > - require the hash be pasted into a field in your voting form > - save the hash to a cookie > - if the cookie doesn't exist, prompt for the hash again along with a link > to resend the hash > > It's sort of 'login lite' in a way, but might be less oppressive than a > full login process. Same as above - wouldnt work because we arent recording that info...
