SSL submission count increasing but I don't know why

  • Profile Image
    mtlscouts_committee
    Asked on December 06, 2012 at 01:23 PM

    I have 4 active forms.  Today I had a submission on 2 of the forms, from the same person.  I know that the person came to the main page using a link that I sent by email(I have a hidden field to track this).  The link was to http://www.jotform.ca/xxxxx(NOT https). From that main form, they clicked a link that opened up the second form in a new window.  The link is built using http (not https).  The user did a submit on both forms, about 1 minute appart. 

    For some reason, one of those 2 transactions was counted as a regular submission PLUS as an SSL submission.  I don't understand why it was counted as SSL.

    The URL indicated is the link used by the person to land on the site.  They then link to the alumni list page from the landing page.

    All of my forms are directly on jotform servers, and no source code is anywhere else.

     

    Please help;

     

    Arto

  • Profile Image
    fxr
    Answered on December 06, 2012 at 03:48 PM

    Do you have the form embedded anywhere?

    Your SSL count will not increase unless you have distributed a secure form URL somewhere.

  • Profile Image
    mtlscouts_committee
    Answered on December 06, 2012 at 04:49 PM

    My form is NOT embeded anywhere.  All access is directly on Jotform servers.  As mentioned initially, the person who made the two submissions connected with the link I provided, which was not secure.  They then used a link from one form to the other (which is also not secure).

    ???

  • Profile Image
    idarktech
    Answered on December 06, 2012 at 05:32 PM

    @mtlscouts_committee

    I can't seem to replicate the probem. I did submit a test submission using the provided form but it is counted as regular submissions. Can you check it further?

    Also, you had few forms I'd suggest to review your URLs. This shouldn't be happening unless one of your form uses https.

    Thanks.

  • Profile Image
    mtlscouts_committee
    Answered on December 06, 2012 at 06:12 PM

    I checked All of my forms.  The user got to the first form using the link I sent (which was http), because I see the parameter passed as a parameter on the URL in a hidden field.  The user then went to the second form using the link that is on the first form(which is also http).  Again, I know this because I see the parameter in a hidden field.

    Another submission was done on the first form more recently, but that one was recorded fine.  Could it be that when we link from the first form to the second form the user is switched to https even though the link is set up using http?

    Something definitely happend.

    Is it possible to confirm on your end that it was my Alumni form (23320517623243) that triggered the ssl submission?

    Thanks;

     

     

  • Profile Image
    fxr
    Answered on December 06, 2012 at 06:15 PM

    What is the first form id and we will try to retrace the users steps?

  • Profile Image
    mtlscouts_committee
    Answered on December 06, 2012 at 09:49 PM

    This is the link used to get to the first form:  http://www.jotform.ca/form/23215769312250?linkedFrom43=DirectShare

    At this time, I have received several more submissions on the first form, none of which triggered the SSL count to increase. With this info, I would have to assume that something caused the link to the second page to somehow be switched to SSL.

    Thanks for your assistance.

  • Profile Image
    jonathan
    Answered on December 06, 2012 at 10:51 PM

    @Arto,

    Hi, on this particular form.. http://www.jotform.ca/form/23215769312250?linkedFrom43=DirectShare , you mentioned you were able to identify those 2 transactions from the submissions? And they are supposedly not using https protocol...

    Can you please tell us those 2 transactions.. I am trying to look for it on your form's submissions data. Perhaps we can get info from there if the submission was done via https or not.

    Will await for your updates.

    Thanks.

  • Profile Image
    mtlscouts_committee
    Answered on December 06, 2012 at 11:22 PM

    Hi;

    On the first form (23215769312250), the submission ID was 220622660271556321.  About one minute later, the same person submitted on the other form (23320517623243).  The second form submission ID was 220622752271402729 (which is the only submission until now).I know based on the linked from value on the second form that the person linked from the first form to the second form.

    Thanks;

    Arto

     

  • Profile Image
    jonathan
    Answered on December 07, 2012 at 12:16 AM

    Hi,

    I am checking this.. and I need some clarification on the ff:

    1. How did the lone submission from this form http://www.jotform.ca/form/23320517623243 came about? Was the responder given a URL link to the form?

    2. If you are saying that this is the 1st form http://www.jotform.ca/form/23215769312250 -- is there a link on this form that will allow responder submit to the 2nd form (or access the 2nd form)  which is http://www.jotform.ca/form/23320517623243?

    3. I checked the autoresonder email of the 1st form (23215769312250) , I cannot find link that will go to 2nd form

     

    4. I did this on the URL.. as you can see it increases your SSL submissions count to + 1.

    (we can clear this so it will not count on your account)

     

    Will await your updated response.

    Thanks.

     

  • Profile Image
    mtlscouts_committee
    Answered on December 07, 2012 at 12:49 AM

    Jonathan;

    1. How did the lone submission from this form http://www.jotform.ca/form/23320517623243 came about? Was the responder given a URL link to the form?  --> There is a link directly on the first form, next to the name fields

    2. If you are saying that this is the 1st form http://www.jotform.ca/form/23215769312250 -- is there a link on this form that will allow responder submit to the 2nd form (or access the 2nd form)  which is http://www.jotform.ca/form/23320517623243?  -->  Yes, right next to the name fields.

    3. I checked the autoresonder email of the 1st form (23215769312250) , I cannot find link that will go to 2nd form  -->  That's right, there is no link from the autoresponder email.

    4. -->  Yes, I realise the if the person manually types in the url, they could use https.  However, unless they clicked the link(next to the name on the first form), and then, after being redirected to the second form, they changed http to https for no reasone, I see no other way.  The only way to get to that second form is to click through the first form.  When they do click through the first form, I pass a parameter on the URL, so that I know how they got to the second form.  You can see it in the link.  And the submission on the second form shows that the person came from the registration form (the first one).

    Lastly, yes, please do clear the SSL submissions count.

    Thanks;

    Arto

  • Profile Image
    fxr
    Answered on December 07, 2012 at 02:13 AM

    I have reset your SSL count back to 0.

    All the URLs used and lined to in the forms mentioned are using non-SSL links.

    --

    I am not sure what is going on, I havent seen an issue like this before, forms just dont magically starting using SSL URLs

     --

    As your SSL count is now back to 0, can we take a step back and just monitor this situation going forward? I have took a snapshot of your account so should hopefully get able to work out which form submissions are SSL.

    Let us know when & if you see your SSL count mysteriously incrementing again.

    Thanks.

     

  • Profile Image
    mtlscouts_committee
    Answered on December 07, 2012 at 09:34 AM

    Thanks for the reset, and for taking it this far.  By the way, I contacted the person who submitted the 2 transactions, and they indicated that they didn't do anything other than click through, and submit.

    I agree that at this point, monitoring would be the best idea.

    Thanks again

  • Profile Image
    NeilVicente
    Answered on December 07, 2012 at 09:47 AM

    @mtlscouts_committee

    If this problem recurs, there is a good chance that the secure URL of the form have been made known to somebody. In that case, I would suggest retiring (disabling) your form and replacing it with a clone.

  • Profile Image
    mtlscouts_committee
    Answered on January 09, 2013 at 11:48 AM

    My SSL submission count is going up again, and I don't know why.  The last 2 (and 3 of the last 6) submisions were all recorded as SSL submissions. 

    - My source code is NOT embeded anywhere.

    - Links that point to the page are all using the unsecured URL (http://www.jotform...)

    - Links that are posted elsewhere (2 on a web site, and one on a facebook event) all use the unsecured URL.  The web site links are on the following pages:

    http://homenetmenmontreal.com/

    http://homenetmenmontreal.com/event-items/homenetmen-gamk-scouts-leaders-reunion/

    and on facebook, it is on an event page for facebook user Homenetmen Gamk Montreal, with event title: Homenetmen Gamk Montreal Leaders Reunion .  The event can be found using: http://www.facebook.com/events/371903212901750

    Many people have registered already using these links (I know, because each of the links passes in a parameter which is saved in a hidden field), and have not triggered SSL submissions.  However, all of a sudden, 3 of the last 6 submissions have been recorded as SSL submissions.  As you can see, this also hapened in early December.  Since then, it was fine until now.  What's going on?

    Thanks;

  • Profile Image
    Welvin
    Answered on January 09, 2013 at 12:51 PM

    @mtlscouts_committee,

    I have cleared your form cache and reset your SSL counter. I hope this fixed the problem, if not, please get back to us.

    Thanks

  • Profile Image
    mtlscouts_committee
    Answered on January 10, 2013 at 06:16 PM

    Unfortunately it just happened again.  I have one new submission (at 5:03PM eastern time), with submission ID = 223664593411653347.  The person used a link that was provied via an email that I sent out several weeks ago.  I have asked the person to send me the email, but I am pretty sure it was not set up with the secured link.  Can the submission be traced back in the (web) server logs to see how the user landed on my form page?

    On another related note, i just realized that the {edit_link} that I have included in the notification email is built using a secured URL.  However in the autoresponder that goes to the user, it does not seem to be using a secured URL.  Why is it doing that?

    Please help...

  • Profile Image
    pinoytech
    Answered on January 10, 2013 at 09:12 PM

    @mtlscouts_committee,

    Can you please share with us the URL of the form for us to investigate the said issue?

    Thank you!

  • Profile Image
    mtlscouts_committee
    Answered on January 10, 2013 at 09:44 PM
  • Profile Image
    liyam
    Answered on January 10, 2013 at 10:21 PM

    Hello mtlscounts_committee.  As I could not access your facebook event page, can you check the link there if it goes to an HTTPS link?  I'm suspecting that that's the culprit since facebook uses SSL.

    Thanks.

  • Profile Image
    mtlscouts_committee
    Answered on January 10, 2013 at 10:45 PM

    I have already checked that, and it is not using SSL.  You can see the info in my first post on Jan 9.

    Also, the one that happened today was no from Facebook, it was from a link on an email, and the person just sent me the email, and the link they clicked is not using SSL. 

    Also, related to the second point I made earlier today (about our notification emails having the {edit_link} showing up using SSL)...  I checked all of the submissions notifications that I have received, and I am pretty sure that each submission that was counted as SSL ended up sending me the notification email having the {edit_url} show up with SSL.  There was one last month, and 4 in the last 2 days.  Of these 5, 2 were from facebook, 2 were from one email, and 1 was from a different email.

    Is there no way to check the web server logs.

  • Profile Image
    liyam
    Answered on January 10, 2013 at 11:11 PM

    Thanks for the details.  As how I understand facebook works, even when you share a non-SSL link, it will force the browser to use SSL (the clickable link you shared actually uses https://), although I'm not able to view the event since it seems to be private.  Also, unfortunately, we cannot identify if the submission used an SSL version or not for a specific submission.

    But if this is not the case, can you try saving again your form?  I'm thinking that re-saving will fix it.

    Thanks.

  • Profile Image
    mtlscouts_committee
    Answered on January 10, 2013 at 11:25 PM

    Liyam;

    Regarding the link I shared, the one that uses SSL, it is the link *to* the facebook page, not the link back to the form. 

    More importantly, we have received more than 25 other submissions linked from Facebook, and there were no problems with those.  In fact, 3 of the 5 SSL submissions came from 2 diferrent email links.

    As for re-saving the form, I do it a few times a day, since I update the form with the list of registered people.

  • Profile Image
    liyam
    Answered on January 10, 2013 at 11:40 PM

    Thanks for your reply, Arto.

    My only theory now is that there was a glitch somewhere when you have saved your form earlier when you have received some SSL submissions.  Anyhow, please do let us know if you get to encounter receiving a submission via SSL again.

    Thanks.

  • Profile Image
    mtlscouts_committee
    Answered on January 17, 2013 at 01:41 PM

    Well, it happened again.  A susbmission went through using SSL.  This can't just be a random glitch...

    What's more, when it does get registered as an SSL submision, the edit link that I provide in the autoresponder also gets generated using a secured URL.  So if the person ever edits their submission, then that edit will also be processed as an SSL submission.

    I think we really need to find out what's going on.

    Thanks;

  • Profile Image
    Mike_T
    Answered on January 17, 2013 at 03:25 PM

    I have reset the SSL counter to 0, and cleared form caches on our servers. Now the issue with SSL submissions is fixed for your form ID 23215769312250.

    However, I think that if you edit the form it may happen again. Do you use the httpS connection to edit your forms?

    Please monitor your submissions, and let us know if the issue is not completely fixed.

  • Profile Image
    mtlscouts_committee
    Answered on January 17, 2013 at 05:51 PM

    As far as I know, I am not using an httpS connection to edit my forms.  However, even if I did, what does that have to do with the submissions? 

  • Profile Image
    Mike_T
    Answered on January 17, 2013 at 05:58 PM

    You are right, it should not be connected with the submissions, but something went wrong with your form 23215769312250, resource links were changed to httpS. We are trying to understand how that may happen.

    Anyway, the form looks good, since we cleared form caches. If you reproduce it again, please let us know.