I think the monastery use an IP based system,
but it's not foolproof and you will block all the people
behind the same router
(in the case of lan doing NAT behind a router )
after the first vote...
Forget cookies or UserAgent or referers...(too easy to delete/fake IMHO)
A possible way could be to have a challenge
with one part computed by the client (java class?) with client hardware's info as part of the computation to ensure uniqueness
I've never went into this although, I was just wondering...
To step away from theory, and give more details :
- Don't forget to store somewhere those who have already voted
- A challenge to prevent replay attacks
- using client hardware's info (MAC address,CPU ID in some case,DMPI/BIOS info...) for uniqueness
- Java class for client side (and WEAK obfuscation)