Security of Form using the How to Continue your form later guide / Session Multiple Upload Problem

  • Profile Image
    tower59
    Asked on May 29, 2012 at 06:50 AM

    I am wondering about the security of this. If the form contains sensitive information, could someone access the session by guessing who a respondent might be and entering jotform...?session=example@bigcompany.com?

    Also, if the form is embedded in my site, is it possible to link the user to my site rather than to jotform directly? Thanks.



    This is a re-post of a comment on How to Save Forms and Continue Later

  • Profile Image
    Mike_T
    Answered on May 29, 2012 at 05:43 PM

    Thank you for contacting us.

    Yes, it is possible access the session by guessing the email address in provided example.

    However, you can add the {id} parameter to your session variable, so that no one will be able to hack it.

    Example: ?session={email4}-{id}

    {id} parameter is being generated automatically by our system.

    Also, if the form is embedded in my site, is it possible to link the user to my site rather than to jotform directly? Thanks.

    Can you please clarify that inquiry?

  • Profile Image
    tower59
    Answered on May 30, 2012 at 10:29 AM

    Thanks for answering my first question.

     

    I am currently have a jotform embedded on a page of my website. The link that is generated to return to a previous session goes directly to jotform, not my site. Is there a way to have the link go to my site, and have the user resume their session on the form within my site.

     

    Thanks

  • Profile Image
    mliz
    Answered on May 30, 2012 at 10:41 AM

    To redirect users to your own Thank You page after form submission, please follow these steps
    on the form editor:

    1. Click on "Setup and Embed" tab on the form builder toolbar
    2. Click on "Thank You" button on toolbar,
    3. Select "Custom URL" and click "Next"



    4. Enter URL of the success page on your site.



    Let us know if you have further questions.

  • Profile Image
    nigelt
    Answered on June 11, 2012 at 11:09 AM

    Thanks Milz, but I am actually talking specifically about saving a form to come back later. Following the instructions, plus the additional instructions that Mike_T provided to make the form more secure, the link is something like form.jotformeu.com/form/12349830?session=example@example.com-87401923958

    That link takes the user to a blank page with just the form. However, I would like the user to be directed to my site with the form embedded. So far having an embedded jotform works great except for saving a form to return to later. Any help would be greatly appreciated, thanks!

  • Profile Image
    NeilVicente
    Answered on June 11, 2012 at 03:02 PM

    @nigelt

    There is a way to redirect your users to the embedded form on your site. However, you will need to make a few changes with the way you embed the form and with the "continue" link that is posted on the "registration" form's thank you page and in the confirmation email sent to your users.

    So instead of http://form.jotformeu.com/form/12349830?session=example@example.com-87401923958, you will give them a link that will point to your site such as http://www.yoursite.com/form/12349830?session=example@example.com-87401923958

    You will have to modify your embed codes too. Click here to see the modified codes.

    Here is a demo of the workaround in action:

    http://www.sranrrr.com/continue-save.html?session=xyz@jotform.com-321311130

  • Profile Image
    tower59
    Answered on July 03, 2012 at 01:28 PM

    Neil, thank you very much. I was able to get this to work, except for file uploads. I am creating a form for a user to upload lots of documents at once. Each upload link allows multiple uploads, and there are 3 pages in total. The form is linked to drobbox.

    The form is here: https://simple409a.com/upload/?session=user@company.com-1234567890

    When the user uploads a file on page 1, then clicks "save and go to next", and then hit back, where they previously uploaded files, rather than showing the file name, they see this:

     

    https://submit.jotformeu.com/uploads/tower59/21413034283341/207145353614482907/_a_href_https_submit.jotformeu.com_uploads_tower59_21413034283341_207145353614482907_circle_line.jpg_target_blank_circle_line.jpg_a_

    Also, if they close the tab after saving, all the fields are saved, but all the files are gone

  • Profile Image
    Mike_T
    Answered on July 03, 2012 at 04:50 PM

    I have escalated this issue to our Development Team.

    In the meantime, you may use Single Upload fields as a workaround.

    We will update this thread as soon as we have any news.

  • Profile Image
    ywamharpenden
    Answered on July 10, 2012 at 12:01 PM

    Hi Neil

    I have tried the solution above. I am only receiving 404 errors though using the continue later url. The form is being embedded on a wordpress site. The url of the form is http://www.ywamharpenden.org/dts-application

    The url of our form is http://form.jotformeu.com/form/21303331423335?

    I haven't yet added the id security to the continue urls but intend to. I was assuming though that shouldn't necessarily stop the ability to contine to an embedded form.

    I have also tried using the above example within a page template so that it is hardcoded into the page. This again results in a 404 error.

    Thanks

     

    Daniel

  • Profile Image
    Mike_T
    Answered on July 10, 2012 at 05:55 PM

    Hello Daniel,

    It looks like you have managed to solve the problem.

    The following test session URL is working fine from my side.

    http://ywamharpenden.org/dts-application/?session=qwerty

    If you need any further assistance, please let us know.

  • Profile Image
    ywamharpenden
    Answered on July 11, 2012 at 08:07 AM

    Thanks for your help. Seeing your url I realised what the problem was. 

    In the above example the urls were given

     

    So instead of http://form.jotformeu.com/form/12349830?session=example@example.com-87401923958, you will give them a link that will point to your site such as http://www.yoursite.com/form/12349830?session=example@example.com-87401923958

     

    I was then using urls similar 

     

     

    http://www.ywamharpenden.org/dts-application/form/21303331423335?session=email@example.com

     

    By removing the /form/ from the url enabled them to work.

     

    http://www.ywamharpenden.org/dts-application/21303331423335?session=email@example.com

     

    For any other Wordpress users this works by simplying using the embed code from the link earlier on a page.

  • Profile Image
    ywamharpenden
    Answered on July 11, 2012 at 10:27 AM

    I was wondering for the embed code is there a way to have the iframe not need to scroll but it would adapt the form to it's relative height.

     

  • Profile Image
    ywamharpenden
    Answered on July 11, 2012 at 10:41 AM

    Just did a test and the normal wordpress embed code works fine with the continue link. This also removes the multiple scroll boxes created from the iframe embed.

  • Profile Image
    NeilVicente
    Answered on July 11, 2012 at 11:03 AM

    @ywamharpenden

    I have finished updating the modified embed codes. It is now using the script method (as opposed to iFrame) to allow dynamic resizing of the form.

    Simply replace the URL in the link above with the URL from your form's Embed <> codes.

    For example: http://www.jotformeu.com/jsform/21613953652353

  • Profile Image
    ywamharpenden
    Answered on July 11, 2012 at 11:15 AM

    @NeilVicente

    Thanks. I had tried it with the standard wordpress embed code which I found worked with the contine form link. Is there something in the modified embed codes that works better for this method?

  • Profile Image
    NeilVicente
    Answered on July 11, 2012 at 11:51 AM

    Those codes are adapted to work with the solution I have offered in this thread i.e, using session variables in a form that is embedded on an external page.

    I don't think it is possible to use session variables (save form to continue later) for embedded forms if you use the standard codes.

  • Profile Image
    NeilVicente
    Answered on July 11, 2012 at 11:52 AM

    Sorry about the erroneous statement above. Apparently, it does seem to work now.

    Edited to add:

    My tests confirm that using unmodified "script-based" embed codes will work. Found no luck using iFrame-based codes.

  • Profile Image
    ywamharpenden
    Answered on July 11, 2012 at 12:40 PM

    Thanks Neil. Loving the flexibility and possibilities of jotform.

  • Profile Image
    tower59
    Answered on August 27, 2012 at 04:39 PM

    Thanks Mike and Neil, this has been working great for us so far. However, the multiple file upload still isn't working with the save function. Is that something that is in the development pipeline? It would make a big difference to us.

  • Profile Image
    Mike_T
    Answered on August 27, 2012 at 04:42 PM

    You are quite welcome. Yes, that bug report ticket is still in Developers' queue.

    As soon as we get it fixed, we will let you know.

    Thank you for your patience in this matter.

  • Profile Image
    guest_23097608109052
    Answered on November 05, 2012 at 10:04 PM

    I am using this same method only I can no get the matrix feilds to save. Any Ideas?

  • Profile Image
    jeanettebmz
    Answered on November 05, 2012 at 10:18 PM

    @guest_23097608109052

    Can you please open a new thread and let us know more details such as your formID , so we can help you further?


  • Profile Image
    guest_23097608109052
    Answered on November 05, 2012 at 10:48 PM

    http://form.jotform.us/form/23095933072151

  • Profile Image
    guest_23097608109052
    Answered on November 05, 2012 at 10:56 PM

    I also added the www and that still did not work?

     

    Also is there anyway to have an embedded form within wordpress and have it so when a user is logged in it remembers there session for the form so when they come back they can continue where they left off?

  • Profile Image
    jonathan
    Answered on November 06, 2012 at 12:22 AM

    Please do create your own topic. Click on this link to do it.

    As for an immediate answer to your initial inquiry -- please clarify where the matrix field cannot be saved? 

    For the second, -- even on WP site, the technique describe here "How-to-Save-Forms-to-Continue-Later" will also work.

    Thanks.