Hi Joseph,
from my experience it's really impossible to ensure that. No matter, there are some techniques that can be used to mitigate the voting-spam, none of them definitive:
1) Use "very-persistent cookies" when a vote has been performed. Nowadays, it's possible to have information not only stored in standard cookies but in a lot of places like HTML5 session/local/global/database storage, history, etags... surely that requires some JS script in charge of setting/retrieving the information in all those places. So, no matter somebody deletes his "standard" cookie (the ones everybody is aware of), the JS still will find it in other places. I'm sure I've seen some JS library achieving that in a transparent way.
2) Require/detect JS is enabled.
3) Require/detect some cookies/information in the session to proceed to vote. Only if the process is correct (the user has got a moodle session cookie, has followed a serie of steps...before arriving to the "voting" page) it's given certain cookie (let's call it "key cookie").
4) Ask for some "anonymous information" like birthdate, name initials..., it's not sure "per se" but helps sometimes (explained later).
5) Require/suggest some sort of widely-available authentication. Nowadays everybody has a google/twitter/facebook account somewhere. You can ask users to authenticate (OAuth) there before anonymously voting.
And sure that there are more ways... but in any case... I think that the important point is that you NEVER should be preventing multiple votes. Instead you should be accepting all them and, later, have some "filtering" in charge of searching and destroy possible voting-spams.
So, with every "vote", you store as much information as possible (time, IP, key cookie, js enabled, existing cookie, birthdate, initials, oauth....) and later look for spams.
Note that's my personal POV, of course you can decide to explicitly stop allowing dupes in the situations you are 100% sure it's a true dupe of fake vote. But that only will warn spammers, so they will change of browser, use antonymous one, or make their voting bots cleverer. As said, it's impossible to prevent all them.
I think the tricky part is to decide how deep you want to go combining all those techniques and how/when they are applied.
Just my 2 cents, based in some public surveys I was in charge of some years ago. Ciao 
PS: Ah, I forgot it. email-verification is another good technique that can be used. You ask every voter for an email (of course stating it won't be ever be stored, privacy and so on) and, after voting, an email with a link containing a secret is sent (and the secret is some hash of the email entered, stored in the DB and obfuscated in a reversible way in the mail !). The user gets the mail, clicks the verification link and the server reverses the obfuscated secret marking the vote as verified. Again, not 100% bullet-proof, but another way to fight against spammers (because the same email address will lead to the same secrets stored in DB, easy to look for them later).
