rating system: storing username/ip in db or cookies?
I'm creating a simple thumbs up/down rating system. A user can simply click up or down, and the total number of thumbs up/down is stored in the db. I don't want the user to be able to vote multiple times. However, I don't want to store the IP address or username of the user to check whether they have already voted, because I think it will be pretty much a mess in the database. I'm confused about whether I can use some alternative approach (for example, storing the username and item name in cookies, so that it can prevent it at least for some time). Please let me know if storing (username, item-id) in the db is a good approach, or storing in browser cookies? Thanks.
If you want to prevent multiple votes from the same user then you have no choice but to store their vote state on your server; anything on the client can be edited.
You refer to username, which indicates that users have an account. If that is the case then you can store the item id and the user id in a table and use that to block any subsequent votes, hiding the vote options or showing the user's current vote status.
You would only have to store IP addresses if users don't have accounts. However, it is worth mentioning that an IP does not uniquely identify a single person/PC. For example, any of the 1000+ people surfing the net from my office will use the same internet-facing IP address.
As cookies can be trivially culled/edited you really need to use a database for this purpose and force each user to log in before they can vote. (It sounds like you're already doing this from your use of the term "username".) Sadly, IP addresses aren't much use these days for uniquely identifying users in a reliable manner.
Additionally, in the database "votes" table schema you should have a UNIQUE KEY in place that ensures there can only be one vote per user on each "parent" object.
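The server-side vote table with a uniqueness constraint that the answers above describe, as an added example that is not part of the original answers. It uses SQLite in memory as a stand-in for whatever database the site runs, and the table, column and function names are assumptions. Letting the constraint reject the duplicate, rather than running a SELECT check before the INSERT, also holds when two requests from the same user arrive at the same time.

```python
import sqlite3

def open_db():
    # In-memory database; schema names are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.execute("""
        CREATE TABLE votes (
            user_id INTEGER NOT NULL,
            item_id INTEGER NOT NULL,
            value   INTEGER NOT NULL CHECK (value IN (-1, 1)),
            UNIQUE (user_id, item_id)   -- one vote per user per item
        )""")
    return db

def cast_vote(db, user_id, item_id, value):
    """Store a vote for a logged-in user.

    user_id must be taken from the server-side session, never from a
    cookie value or form field the client can edit.
    Returns True if the vote was stored, False if this user already voted.
    """
    if value not in (1, -1):
        raise ValueError("value must be 1 (up) or -1 (down)")
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO votes (user_id, item_id, value) VALUES (?, ?, ?)",
                (user_id, item_id, value),
            )
        return True
    except sqlite3.IntegrityError:
        # The UNIQUE constraint fired: a row for (user_id, item_id) exists.
        return False

def totals(db, item_id):
    """Return (thumbs_up, thumbs_down) for one item."""
    row = db.execute(
        "SELECT COALESCE(SUM(value = 1), 0), COALESCE(SUM(value = -1), 0) "
        "FROM votes WHERE item_id = ?",
        (item_id,),
    ).fetchone()
    return (row[0], row[1])

if __name__ == "__main__":
    db = open_db()
    print(cast_vote(db, 1, 10, 1))    # first vote is stored
    print(cast_vote(db, 1, 10, -1))   # second vote by the same user is rejected
    print(totals(db, 10))
```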
Database would be more secure in general.