Currently i am working on a project in which we are tracking and limiting fake post requests, so we are tracking them using IP and Session. but we are facing three major problems for that (1) All the people from the same proxy server will have same IP, (2) If a person disable cookies, then session won't work, (3) if someone uses a script for post request then every time he'll have different session id so he can make any no of requests using IP spoofing.
i just wanted to know whether there is any other method to implement this, or it can be done with some modifications in my current approach.
i am using rails for this and i am implementing all as a gem.