Does cloudflare has anything to do with cookies?

So I have this polling plugin on WP site. It allows users to vote on a web page. The plugin allows me to do polling every 1 day by leaving a cookie to the browser. However. 2,3 minutes after, voting opens polling again. So I wonder if there is a cache issue or any other related issue with the on my server-side?
I have varnish turned off, no breeze or any other cache plugin on my site. I wonder if it is related with Cloudflare.
I am open to suggestions. Thank you for your help

Nope, Cloudflare does not tamper with cookies. It actually even skips caching when there are cookies included. The only way that could be is if you were to use a resource which was already previously cached, as in that case the request would never reach your server but would be served by the proxies.

The most likely reason, though, will be that your voting is based on IP addresses and you are not rewriting them. In that case it should actually be other way round and people would be prohibited from casting their vote even though they haven’t voted yet (because of the shared IP address) but the address can also change for the same user, allowing him to vote again.

To rewrite IP addresses → Restoring original visitor IPs – Cloudflare Help Center

Thank you Sandro for your information.

Well, Here is the thing. I tried the plugin on server-side by staging one. The plugin works right but when I try it on a Cloudflare DNS website, it again allows users to vote after 10-15 minutes. So I assume, it could be related to Cloudflare?

I have activated the WAF module of Cloudways which allows me to see the correct IP address of the users. That part works. But somehow, either user gets new cookies, or the old one is forgotten by the server due to something that cloudflare does? Not really sure how though. Appreciate your help

How do you make sure that people can’t vote twice and how did you configure the IP rewrite?

The plugin has an option that allows to vote once per day, but at the moment it works only with cookies.

As I understand it doesn’t check the IP of the user it only leaves a cookie and check it back when someone revisits the site. It works for 10-15 minutes then some how it allows voting again.

I was not referring to the voting system, but how you are rewriting IP addresses. Though if your check is only based on cookies, that won’t be Cloudflare related nor IP address related.

I don’t know. The plugin has a panel and shows the IP addresses. At first, it was showing only Singapore than I activated the WAF module on Cloudways. After that, I started to get the correct IP and location address. Though I don’t know how it rewrites or even if it does.Thank you for your help.

As mentioned if it is cookie based Cloudflare won’t be involved. Should that be server-side, then you’d need to make sure to rewrite addresses as mentioned previously. Maybe contact the developer and check with him why more than one vote is permitted.

I understand. It is just, when I tried it on the server side staging site, it does work properly. That is why I though maybe it was due to something that Cloudflare does that makes the visitor as if a new visitor. Is there something that does that?

Also I will check with the server side.

Cloudflare generally only tunnels traffic and does not change it (except for minification, but that shouldn’t be the issue), particularly cookies are untouched.

IMHO this will be an IP address issue.

Ok I will pursue this. What Should I tell my server supplier? About the IP address issue? Again thank you for your time and effort to answer my questions.

Exactly this.

I did as they instructed:

" In cloudways, if you are using Cloudflare and would like to see the real IP addresses of visitors coming to your website, then you can set Cloudflare under WAF Module . You may do it from the Server → Settings & packages → Advanced → Scroll down & you will see the WAF option https://i.imgur.com/PjJQUQd.png"

This module is on and I can see the real IP addresses of the users.

Then you should be fine as far as any IP checks are concerned.

It was a bug in the Plugin… The author sent me the updated version. The cookie time was not created properly which reset occasionally…ZZZZ THanks for the help

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.