adhelotattado
I noticed that for voting, SO implements an XHR method which POSTs to a posts controller and sends the post ID and vote type through the URL. In addition, a \[code\]fkey\[/code\] parameter is sent, e.g.:

\[code\]http://stackoverflow.com/posts/1/vote/2\[/code\]

I'm going to be implementing a similar technique, and I'm wondering what logic I could use to prevent duplicate voting by the same user and prevent spamming, in addition to overall logic when implementing this.

The schema for the table I'll be storing them in:

\[code\]
thread_id user_id vote_type
2334 1 2
\[/code\]

So far I came up with these bullet points:
- ensure the user is logged in
- ensure that a valid post ID and valid vote type is sent
- ensure that after POSTing, the user has not previously voted
- the code that creates the hash can't contain dynamic information such as user agent, since a user could be on a different browser, different OS, right?
- since I'm not sending the actual user id anywhere with my XHR code, does this mean I have to update my table schema so that I can store the \[code\]fkey\[/code\] instead of say, the \[code\]user_id\[/code\]? The \[code\]fkey\[/code\] will probably have to be unique to each user, and so I can probably query whether there is a row in the voting table that has an fkey of whatever.
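
One way to implement the checks listed in the post, as an added example (not part of the original post and not Stack Overflow's code). It assumes the user ID is read from the server-side session rather than from the request, that the `fkey` is a per-session anti-CSRF token derived with an HMAC, and that vote types 1 and 2 are the valid ones; the secret, session shape, and function names are hypothetical.

```python
import hashlib
import hmac
import sqlite3

SERVER_SECRET = b"constructed-demo-secret"  # assumption: loaded from config in real use
VALID_VOTE_TYPES = {1, 2}                    # assumption: the post only shows vote_type 2


def make_fkey(session_id: str) -> str:
    """Per-session anti-CSRF token: HMAC of the session ID, no user agent or IP."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE threads (thread_id INTEGER PRIMARY KEY)")
    # The composite primary key makes a second vote by the same user on the same
    # thread fail inside the database, even when two requests race each other.
    db.execute(
        "CREATE TABLE votes (thread_id INTEGER NOT NULL, user_id INTEGER NOT NULL,"
        " vote_type INTEGER NOT NULL, PRIMARY KEY (thread_id, user_id))"
    )
    db.execute("INSERT INTO threads VALUES (2334)")  # constructed sample row
    return db


def cast_vote(db, session, thread_id, vote_type, fkey):
    """session is the server-side session dict (hypothetical shape), or None."""
    if not session or "user_id" not in session:
        return "login_required"
    # Constant-time comparison of the submitted token with the expected one.
    if not hmac.compare_digest(make_fkey(session["id"]).encode(), str(fkey).encode()):
        return "bad_fkey"
    if vote_type not in VALID_VOTE_TYPES:
        return "bad_vote_type"
    if db.execute("SELECT 1 FROM threads WHERE thread_id = ?", (thread_id,)).fetchone() is None:
        return "bad_thread"
    try:
        with db:  # commit on success, roll back on error
            db.execute(
                "INSERT INTO votes (thread_id, user_id, vote_type) VALUES (?, ?, ?)",
                (thread_id, session["user_id"], vote_type),
            )
    except sqlite3.IntegrityError:
        return "already_voted"
    return "ok"
```

With this layout the table keeps `user_id`; the `fkey` is only compared against the value expected for the current session and is never stored in the votes table.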