Ticket #2116 (new defect)

Opened 10 years ago

Last modified 9 years ago

One entry per user should go

Reported by: gracinet Owned by: trac
Priority: P2 Milestone: CPS 3.4.10
Component: CPSCollector Version: TRUNK
Severity: critical Keywords:
Cc:

Description

Collector documents have "one entry per user" checked by default. For anonymous users, this means one entry per IP address. Almost every production instance is behind a reverse proxy. Therefore this option means that each entry erases the previous one, at least for anonymous users, since the IP address is the reverse proxy's for everyone.

This option must absolutely not be checked by default in the short term. In any case, the IP address should either be improved by using the user agent's (if available in the headers) or simply dropped in anonymous mode (for corporate people using a forward proxy, the problem will be there anyway).

Change History

comment:1 Changed 9 years ago by madarche

The true IP, behind the reverse proxy, of the submitter is now used. One just has to configure zope.conf by setting the "trusted-proxy" configuration option to the IP address of the reverse proxy.
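To illustrate what the trusted-proxy setting changes for the "one entry per user" key, here is an added example (not CPS's or Zope's own code) of the usual resolution rule: the X-Forwarded-For header is believed only when the TCP peer is the configured reverse proxy, since any client can send that header itself. The proxy address and the requests are constructed values.

```python
from ipaddress import ip_address

# Constructed example: the reverse proxy's address, as one would put in
# zope.conf's "trusted-proxy" option. Not CPS's or Zope's actual code.
TRUSTED_PROXIES = {"10.0.0.5"}


def submitter_ip(environ, trusted_proxies=TRUSTED_PROXIES):
    """Return the address used as the anonymous submitter's identity.

    REMOTE_ADDR is the TCP peer. Behind a reverse proxy it is always the
    proxy, so every anonymous entry would share one key. The proxy puts
    the real client in X-Forwarded-For, but a client can send that header
    too, so it is only believed when the peer is a trusted proxy.
    """
    peer = environ.get("REMOTE_ADDR", "")
    if peer not in trusted_proxies:
        return peer
    forwarded = environ.get("HTTP_X_FORWARDED_FOR", "")
    # XFF reads "client, proxy1, proxy2, ...": walk from the right, skipping
    # hops we trust; the first untrusted hop is the client.
    hops = [h.strip() for h in forwarded.split(",") if h.strip()]
    for hop in reversed(hops):
        if hop not in trusted_proxies:
            try:
                ip_address(hop)
            except ValueError:
                break  # malformed header: fall back to the peer address
            return hop
    return peer


def entry_keys(requests, trusted_proxies=TRUSTED_PROXIES):
    """Distinct 'one entry per user' keys a batch of anonymous submissions
    would produce. With no trusted proxy configured, every request that
    came through the proxy collapses to a single key."""
    return len({submitter_ip(r, trusted_proxies) for r in requests})


# Constructed requests: two different clients arriving via the proxy, and
# one direct client supplying its own X-Forwarded-For header.
REQUESTS = [
    {"REMOTE_ADDR": "10.0.0.5", "HTTP_X_FORWARDED_FOR": "203.0.113.7"},
    {"REMOTE_ADDR": "10.0.0.5", "HTTP_X_FORWARDED_FOR": "198.51.100.2, 10.0.0.5"},
    {"REMOTE_ADDR": "192.0.2.9", "HTTP_X_FORWARDED_FOR": "203.0.113.7"},
]
```

With an empty trusted set the two proxied requests both resolve to 10.0.0.5 and would overwrite each other, which is the behaviour the ticket describes; with the proxy trusted they become two distinct keys, and the direct client's header is ignored.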

comment:2 Changed 9 years ago by madarche

So the only problem case that is still present is the case of corporate people behind a forward proxy doing anonymous submissions on a "unique_submit" collector document.

Using the user agent string won't improve the situation very much in this case, since very often in such an organization users tend to have a standardized web browser.

So the best solution in this special case (anonymous + unique_submit) would be, in my opinion, to set a cookie to the anonymous user.

comment:3 Changed 9 years ago by gracinet

And what if the user changes browser, has several terminals (very common nowadays, because of smartphones), etc.?

Sorry, but this is making promises we can't keep, therefore leading to false results. In the current state, this is prone to catastrophic data loss. Online forms tend to be sensitive: imagine an online booking for an event and the form creator checking this option because it felt "safer". The very best we could do would be to declare a set of fields as discriminators and warn the anon user if she's going to overwrite an existing entry… Too much work for a component I'd like to trash asap.

comment:4 Changed 9 years ago by gracinet

  • Milestone changed from CPS 3.4.10 to CPS 3.5.3

comment:5 Changed 9 years ago by gracinet

  • Milestone changed from CPS 3.5.3 to CPS 3.4.10