On Sun, 2012-01-01 at 11:49 -0500, Tedd Sperling wrote: > On Jan 1, 2012, at 11:26 AM, muad shibani wrote: > > > I have a website that posts the most important news according to the number > > of clicks to that news > > the question is : what is the best way to prevent multiple clicks from the > > same visitor? > > Not a fool-proof method, but use Javascript on the client-side to stop users' from continuous clicking. > > Then create a token and verify the click on the server-side before considering the click as being acceptable. > > Cheers, > > tedd > > > _____________________ > tedd@xxxxxxxxxxxx > http://sperling.com > > > > > There are still problems with this, GET data (which essentially only what a clicked link would produce if you leave Javascript out the equation - you can't rely on Javascript) shouldn't be used to trigger a change on the server (in your case a counter increment) I did something similar for a competition site a few years ago, and stupidly didn't think about this at the time. Someone ended up gaming the system by including an image with the clicked-through URL in the src attribute, and put that on their MySpace profile page, which had more than a few visitors. Each of those visitors browser attempted to grab that "image" which registered a click, and because of the number of unique visitors, the clicks were registered as genuine. I'd recommend using POST data for this reason, as it's a lot more difficult for people to game. -- Thanks, Ash http://www.ashleysheridan.co.uk