Published 2 months ago by pickab00
Is it possible to like and dislike a post without logging in? I have seen websites use likes and dislikes without login but I don’t know how. They do not require to be logged in and once the post is liked, it can not be liked again when refreshed or even when the cookies are deleted. An example can be found here.
Edit: Link removed for obvious reasons
First of all, how did they make the react buttons? (Those emoticons below).
And second, the comment section. You are able to like it without logging in. What is the logic behind this?
Clicking the icon and registering the vote is the simple part (just a guest post to site)
The tricky bit is to stop you doing it multiple times. They could be using client fingerprinting?
Exactly! That is what’s grinding my mind. I don’t see anything unique in js either. Obviously everything is being handled by the controller but I can’t think of anyway they could stop from voting agin. Unless they are taking the IP. But that would be just way too stupid as IP is per router and that will stop from voting anyone else who is on that same network.
Sorry. Well the first request works but afterwards it doesn’t even budge. I mean, you can like comment or react to the post only once. After that it doesn’t get stored i assume. These are all assumptions based on what i am able to see. And i see the reacts and likes being blocked after you have reacted or liked once.
So what you are saying is that an ajax is sent over everytime you hit the faces? But once refreshed, it does not count?
I'm saying you can hit the face and a record is sent to the server each time. Since the votes are percentages its impossible to say if the vote is registered because you don't know how many other votes there have been. For instance, if there were 10,000 votes then you would need to press 100 times for the percentage to increase.
However, thats beside the point. If you want to avoid a guest voting twice then you have to resort to fingerprinting with a library such as https://clientjs.org/. Its not foolproof though and it would be trivial for someone to post votes using guzzle.
Interestingly, the site's back-end is built with Laravel.
@Snapey Yes it is built on laravel. That is for sure. Also I looked at clientJS and the fingerprint idea is good. So what you mean is that even though fingerprinting is used, there is a way to fool the system and give multiple votes correct?
What are your thoughts on how they are doing it?