Hello, I have a restricted access survey with token access. I send the tokens to each user by email and the idea is that each person can choose only one option, and that when the response is sent the survey is closed, as if it were a vote.

Today, a user accessed the survey from two different computers at the same time with the same token and was able to choose a different option from each computer. On one computer the survey ended without problems and on the other he received the notice that the token had already been used, which is correct that´s ok. The problem is that two responses were recorded and that is not correct because we need each person with their personal token to only be able to answer only one time.

In the survey participant base, the remaining uses option was 1 and after the person voted from two computers, the value of that field was -1 for the same person. This is also wrong.

Does anyone know what options there are to solve this problem?

I would need that if a survey is started with a token, it should not be possible to enter from another computer.

I am using version 3.27.6, does anyone know if the later versions solved this problem?

Has anyone else had this problem? Can you think of options? Thank you.

I would need that if a survey is started with a token, it should not be possible to enter from another computer.

A token usage is counted on a complete survey. The scenario that a respondent is trying to fill out a survey with the same token on different browser sessions (e.g. different enddevices) is not tampered by LimeSurvey. If LimeSurvey would prevent such a usage, you would have no access for people which change browser or enddevice after an attempt. Or if the browser crashes the reentering would need to be prevented too.  So a token usage should limit the completion of more than one survey.  There are some seldom cases where you end up with two responses. You normally choose the last response with the same token.

Every LimeSurvey version V4 or V5 will behave the same. For a survey application it's the typical approach.
 

Hi Jelo, thanks for your response. I understand your explanation, but a useful security measure would be that when a token is in use it changes the status in the database and that it cannot be used from another device. And in case the person has had a problem with their computer or browser, this database status could expire after a few minutes or seconds.

But it is risky that a critical survey can be accessed from different devices at the same time. Obviously if we are talking about a survey that is not confidential there would be no problem, but if we want confidentiality, access through token should be more secure and allow only one person / device at a time.

Don't you think?

But it is risky that a critical survey can be accessed from different devices at the same time. Obviously if we are talking about a survey that is not confidential there would be no problem, but if we want confidentiality, access through token should be more secure and allow only one person / device at a time.

In your case one person used the token on two devices. Which is no breach of data.
If a token is exposed to a third party, that third party can use the token.
The default setup will just create a new response setup when reusing the token.
Data of another user can only be exposed, if there is data persistence and the token can be used to reenter the response set.
That breach would also take place, if only one user per time can enter the survey with the token.
As long as your scenarios have the requirement of an exposed token, there is no way to secure anything via preventing of more than one browser entering the survey with the same token.
We don't know who is the legit user and who is not.

Let's assume that the users are legitimate, but a specific user accesses the same time from two devices, just to test the security of the platform. This person answers the questions and sends the survey from both devices, and receives two completed survey confirmation emails.
Ok in this scenario there was no compromised data because it is the same person, but how do I explain to this person, without technical knowledge, that the platform is safe and that his responses are not duplicating?

OK there was no data compromise, but trust in the platform is lost.

I do not see what the problem would be if there is a session record that does not allow two computers, smartphones or browsers to enter with the same token, at the same time.

Thanks!

I do not see what the problem would be if there is a session record that does not allow two computers, smartphones or browsers to enter with the same token, at the same time.

It's not my intention to prevent that you submit a feature request or a bug report to add this kind of functionality to LimeSurvey. I have only tried to explain that the current behavior is intended. Perhaps you get some other responses here. If you submit a feature request or bug report please post the URL to the ticket in the thread here. Thanks.


 

The bottom line - was that respondent able to submit two "completed" responses?

If so, it is a bug, if not simply only use completed responses.

Yes, he was able to answer the same survey twice, at the same time, from two different computers. Anyway, I was able to make sure this doesn't happen again by setting the token field of the response table for that survey as the unique key in the database.

What worries me most now is that if the person enters with the same token, at the same time from two different devices and ends the survey at the same time, sometimes it may happen that receives two emails informing that he answered the survey. if participants find out about this problem they will lose confidence in the LS tool. Because they may think that in addition to receiving the confirmation twice, the responses are also doubled.

If anyone knows how to solve this problem I will be very grateful. or maybe you know of a plugin or if this was fixed in LS versions 4 or 5.

Thanks!!

gabarg2021 wrote:

Hi Jelo, thanks for your response. I understand your explanation, but a useful security measure would be that when a token is in use it changes the status in the database and that it cannot be used from another device. And in case the person has had a problem with their computer or browser, this database status could expire after a few minutes or seconds.

This plugin have a system to disallow multiple edition of the same answer : gitlab.com/SondagesPro/coreAndTools/reloadAnyResponse

gabarg2021 wrote:

But it is risky that a critical survey can be accessed from different devices at the same time. Obviously if we are talking about a survey that is not confidential there would be no problem, but if we want confidentiality, access through token should be more secure and allow only one person / device at a time.

I don't understand your confidentiality issue here : if another user have the token : he can see other answer.
The only issue is one answer replace other answer

gabarg2021 wrote:

Yes, he was able to answer the same survey twice, at the same time, from two different computers. Anyway, I was able to make sure this doesn't happen again by setting the token field of the response table for that survey as the unique key in the database.

You have 2 lines or only one line ?

If you have token answer persistence + allow edit
1. User one enter in survey and write "I'm the user 1"
2. User two enter in survey ans write "I'm the user 2"
3. User one submit : data is "I'm the user 1"
4. User two submit : data is "I'm the user 2"

Without allow edit but allow save
1. User one enter in survey and write "I'm the user 1"
2. User two enter in survey ans write "I'm the user 2"
3. User one save : data is "I'm the user 1"
4. User two save : data is "I'm the user 2"
5. User one submit : data is "I'm the user 1"
6. User two submit : receive an error before answer is replaced (must check and confirm).

Hi DenisChenu!
Thanks, I'll try the plugin, I think maybe the next option should fix the problem:

Plugin description: --> "Time for disable multiple access (in minutes) : since editing a response by 2 person at same time can replace current response done : a time for disabling mutiple access for all response done. This was used too with survey with token enable and answer persistence.".

Hi DenisChenu, i don't understand this question: "You have 2 lines or only one line ?".

What do you call "lines" in the survey?

About your answer, I don't think that this is a confidential issue, but is a problem because all this situation described before, happened with "allow edit" option disabled.

I'm talking about this situation:
"What worries me most now is that if the person enters with the same token, at the same time from two different devices and ends the survey at the same time, sometimes it may happen that receives two emails informing that he answered the survey. if participants find out about this problem they will lose confidence in the LS tool. Because they may think that in addition to receiving the confirmation twice, the responses are also doubled.".

So, if each person's unique vote/answers is relevant to a company or institution decision, the possibility of a single person writing two or more votes in an anonymous survey is a problem. The fact that one person received two e-mails informing that he answered the survey. if another participants find out about this, could be a problem.

Thanks!!

> What do you call "lines" in the survey?

The reponse : row in response table or line in csv export.