Hi - I hope someone can help!

I've installed a cookie script on a webpage that redirects the visitor to certain page on my website, if the cookie is detected. It's set to expire after 24hours (although I'm not sure if I used the right code), and I tested it, and it works fine.

However, if I change the date on my computer to tomorrow, it "tricks" the cookie into being ignored. Is there a way to stop this from happening? I only want visitors to access the cookie page once in 24 hours - the page contains a poll and I only want them to vote once in a 24-hour period. I don't want anybody cheating by tricking the cookie, over and over again....

Here is the script:

<script>

// page to go to if cookie exists
go_to = "http://www.buzzthebiz.com/htm/Forms/nobuzz.htm";

// number of days cookie lives for
num_days = 24;
function ged(noDays){
var today = new Date();
var expr = new Date(today.getTime() + noDays*60*60*1000);
return expr.toGMTString();
}

function readCookie(cookieName){
var start = document.cookie.indexOf(cookieName);
if (start == -1){
document.cookie = "seenit=yes; expires=" + ged(num_days);
} else {
window.location = go_to;
}
}

readCookie("seenit");
// -->
</script>

Thanks in advance for your help!

Deb

remember that I can still delete the cookies :) without changing the time.

You may need to allow only registered members to vote and use a php script + database to keep track of who has already voted.

Yep, forgot that part, although deleting a specific cookie may be too much trouble for some people to go to, especially if they don't have any knowledge about cookies.

So, are you saying there's no way of getting around this?

I did originally try to look into php/sql databases, but I know nothing about programming and I don't have time to learn before the launching date of the site. I posted a thread in Web Hosting to see if anyone has any reccommended "Paid" membership software/sites I can use....if I can find a good, cheap one, I'll use this if I start to get any abuse.

As far as cookies go, can someone instruct me on how to log the IP address of the visitor within the same script I'm already using? That way, if someone does abuse it, I can block them. Oh, I need to know how to do that too! I guess I have to create some kind of document the cookie reads from that contains Blocked IP addresses...if that's possible!

Thanks!

Deb

If they don't know how to delete cookie, they wouldn't know about changing their PC clock :)

Logging IP can be useless to those using dialup or having dynamic IP's.

True!

Guess I'll have to add an ID section on the page to identify the voter after all...

Thanks!

However, if I change the date on my computer to tomorrow, it "tricks" the cookie into being ignored. Is there a way to stop this from happening? I only want visitors to access the cookie page once in 24 hours - the page contains a poll and I only want them to vote once in a 24-hour period. I don't want anybody cheating by tricking the cookie, over and over again....
The trick is to ignore the time on the PC as far as the cookie is concerned. Set the cookie to never expire, and embed the server time in the cookie, preferably encrypted so they can't alter it. Then get the server code to delete the cookie if it has expired according to the embedded time. Not as neat as your solution, I know.

This is unlikely to happen in real life and it might be that you'd do better at stopping false votes by checking against the number of votes per IP or similar. Or not hand out a cookie in the first place if they were voting too often, and not allow a vote unless they have a cookie with a magic number, their IP and the time, all encrypted.

I appreciate you taking the time to respond. However, it's all gobbleygook to me! I wouldn't have the first clue how to do that (no programming experience!).

I'll figure something out later if it becomes a problem...

Thanks!