Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
A change to the Webform module to allow for cookies as the only type of validation for a user. Less secure, but allows several anonymous voters behind a single IP address to vote freely on a Webform.
Changing the option in admin/settings/webform from:
[ ] Allow cookies for tracking submissions
To something more like:
Track anonymous submissions by:
( ) Cookie (least secure)
( ) IP Address
( ) Both IP Address and Cookie (most secure)
Comment | File | Size | Author |
---|---|---|---|
#32 | webform_cookie_only-246470-32.patch | 5.09 KB | quicksketch |
#31 | webform_cookie_only-246470-31.patch | 5.01 KB | quicksketch |
#30 | 246470-30-webform-allow_cookie_only_submission_limit.patch | 2.43 KB | grndlvl |
Comments
Comment #1
xmacinfoI agree. Current limitations are not adequate for anonymous users.
When first using this module, I erroneously thought limitation was based on IP. I would welcome any change where limitation would be more friendly for anonymous users.
However, my first wish is for limitation by IP for anonymous users.
Comment #2
quicksketchxmacinfo, they currently should be limited by IP already.
If it's not however, after these changes it definitely will be. :)
Comment #3
xmacinfoI forgot to mention that I'm using 5.x-1.10. With this version a limit will also limit anonymous user too strickly, whatever their IP.
Should I consider upgrading to 5.x-2.0-beta3? Usually I try to install only release version.
Comment #4
goldoak jp CreditAttribution: goldoak jp commentedI'm having problems with this issue also - using 5.x-2.0-beta3 - where the submission limit applies to anonymous users regardless of IP address.
So it allows 'only one anonymous user submission' - instead of allowing 'only one anonymous user submission per IP address'.
Any chance there will be a patch available soon? Or some instructions for a fix?
Even it is just to limit anonymous submissions by IP address, that would help.
Otherwise, the module works great for unlimited submissions or for limited submissions by authenticated users.
Thanks
Comment #5
xmacinfoWell, you do experience the same issue I'm experiencing with 5.x-1.10. I guess I won't install 5.x-2.0-beta3, after all.
I would also like to know how to fix the issue.
Comment #6
mgenovese CreditAttribution: mgenovese commentedTo make this functionality complete, I would add the fourth option to have NO anonymous user validation. This would be most useful for debug when users have problems submitting forms.
Comment #7
quicksketchNo validation seems like it'd be unnecessary. You can just set the option to not limit the submissions right?
@aabdallah, you were planning on implementing this I thought. Is that still the case?
Comment #8
mgenovese CreditAttribution: mgenovese commentedNo, because that affects registered users submission restrictions. I'm looking for a way to absolutely turn off any type of anonymous user validation, essentially for the time when problems arise with anonymous users.
Comment #9
quicksketchMarking as won't fix as there is a lack of interest in implementation. Please reopen if interested in implementing.
Comment #10
xmacinfoLooks like this is already implemented. At least in the 6.x-2.3 version. So the fix might be there for older versions as well and in 5.x-2.3.
See Avanced options:
[√] Allow cookies for tracking submissions
Cookies can be used to help prevent the same user from repeatedly submitting a webform. This feature is not needed for limiting submissions per user, though it can increase accuracy in some situations. Besides cookies, Webform also uses IP addresses and site usernames to prevent repeated submissions.
I have not tested these options yet, though.
Comment #11
quicksketchThe allow cookies option has been there since the 1.x releases, it adds cookies in addition to username or IP detection.
The real complaints here probably stemmed from the IP Detection not working adequately, where it wasn't checking X_HTTP_FORWARDED_FOR, so an entire group of computers might not work if they were behind a proxy server. So currently the system is now set to check this value, so it significantly reduces the likelyhood of this problem.
Comment #13
kufeiko CreditAttribution: kufeiko commentedThere's my dirty hack for 6.x-2.8.
***I'm doing this just for one survey, please consider before applying!***
To allow voting of multiple users behind single IP, I did the following (webform v. 6.x-2.8!!):
In 'webform_submissions.inc', at line 269 (the last SQL query in the file) I leave just the second part of the OR statement, so the line becomes:
"WHERE (uid > 0 AND uid = %d) ".
Generally, this way the IP address just don't get checked. That's enough for me, but keep in mind that this way you rely on cookies only for tracking if user has voted. Cookie removal, as you know, is easy. Also that easy is 2nd voting from a different browser.
Comment #14
quicksketchReopening this so that I can redirect other tickets to it:
#629146: User validation cookie deleted after refresh
#574280: sumission limit for anonymous users in the same network ( same IP Address)
Comment #15
NZWayne CreditAttribution: NZWayne commentedI am using Webform 6.x-2.10 and have tried #13's hack but it has not made this work for me, I get no difference what so ever. I have 50 users using Thin Clients and Remote Desktop, each having the same IP address, the Webform has to be anonymous, it works if I make it Unlimited but not if I make it Limited to 1 submission, which is what I need, and would really appreciate any help that I can get what so ever please. Thank you in advance.
Comment #16
petertoen CreditAttribution: petertoen commentedI back NZWaynes request for a possibility to switch off IP checking when restricting the number of submissions in a webform. I would realy apreciate it if this could be provided.
Comment #17
loophole080 CreditAttribution: loophole080 commented#13 worked for me using webform 6.x-3.4 (line 446 in webform_submissions.inc')
Comment #18
Danny EnglanderUnfortunately I could not get # 13 to work with webform 3.6. It looks like the query has changed but I am not sure. I also have a situation where I will have multiple people submitting from the same IP and want to impose a limit of 1 for each person using only cookies.
Comment #19
rp7 CreditAttribution: rp7 commentedIn all honesty, this is major, perhaps even critical? At the moment, if restricting submissions to 1, your webforms are pretty useless for intranets...and for users working behind the same IP.
For whomever want's a quick (but dirty) fix in 7.x-3.9 (probably similar in 6.x-3.9 - haven't checked):
Change webform.submissions.inc (starting at line 808)
to
This skips restricting submissions based on IP, and only uses cookies. Far from ideal, but does what I currently need.
Comment #20
Danny Englander@RaF007 I noticed that you changed this to Drupal 7. Is there a chance you can open a separate issue and this issue can be changed back to Drupal 6 as it was originally opened for?
Comment #21
quicksketchIt doesn't matter which branch it's in, the 3.x versions of Webform are maintained in sync and both versions get features at the same time. There's no need to have two issues for the same feature request.
Comment #22
hixster CreditAttribution: hixster commentedsubscribing
Comment #23
bluemuse CreditAttribution: bluemuse commentedYes, please, to this feature! We're using webform to run a nationwide survey and some of the respondents are working in an office using one IP.
Comment #24
jlea9378 CreditAttribution: jlea9378 commentedI would also like this feature. We have computer labs where different users will be logging into the same computers, and so the IP address will remain the same but the cookies will be different.
Ideally I would like to be able to choose on a per webform basis whether to limit by IP address, cookies, or both (as opposed to a global setting). Not sure if that's doable though.
Comment #25
rv0 CreditAttribution: rv0 commentedA workaround for all this is adding an email field, and in the field settings ensure that only unique submissions are allowed, and prefill it for logged in users.
Comment #26
jjma CreditAttribution: jjma commentedIt would be nice to have this as a feature within the version 6 module. As it was point 19 worked for me using the 6 branch of web form.
Jon
Comment #27
markabur CreditAttribution: markabur commentedOh! I had assumed that the existing cookie implementation was there in order to *allow* multiple submissions per IP, not to block them. I'm definitely interested in a way to restrict forms to one submission per computer, ignoring the IP number.
Comment #28
amaisano CreditAttribution: amaisano commentedGreat tip @rv0! Works with 6.x too - thank you.
Comment #29
jmrivero CreditAttribution: jmrivero commentedHow about move the cookie check and return inside the uid=0 and webform_use_cookie conditional and leave the validation with the database and cookie untouched outside like this?
Comment #30
grndlvl CreditAttribution: grndlvl commentedHere is a patch that adds a setting to check cookie only. Maybe there should be yet another settings to check cookie & user?
Comment #31
quicksketchThanks @grndlvl for your patch! That definitely demonstrates this is not a particularly challenging option to add. Rather than using two checkboxes (one of which hides automatically), I find it to be more intuitive to use radio buttons with 3 options:
Other than the name of the option, this patch uses the same approaches as yours. Thanks for moving this to 4.x also. Since new features are no longer being added to 3.x branches.
Comment #32
quicksketchRevised update hook that deletes the old setting "webform_use_cookies" and is double-run safe.
Comment #33
quicksketchCommitted to 4.x branch. Thanks @grndlvl!
Comment #35
modiphier CreditAttribution: modiphier commentedwebform 6.x-3.20
got half way through adding the patch and notice some of the variables change from user to account so I scrapped the idea.. Is there a patch for the version of webform I am using. I am having some idiots click more than once even though I have more than one html markup with a note in red to just click once. I can't limit to 1 per day or hour due to network users. I have the hide submit button module installed but can't seem to get it to see the webform submit button.
Any suggestions?
thanks,
Paul