Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.When limiting submissions, this module tracks by IP. In environments behind a proxy, this is unacceptable. However, if multiple submissions are allowed, then guests are allowed to submit which is also unacceptable.
I suggest the option to track by either IP or user ID when creating a form.
| Comment | File | Size | Author |
|---|---|---|---|
| #6 | webform_pgsql.patch | 1.08 KB | quicksketch |
| #5 | webform.inc_1.patch | 673 bytes | jsouth775 |
| #1 | webform_limit.patch | 699 bytes | allie micka |
Comments
Comment #1
allie mickaWe have encountered this issue as well. Webform submissions are being limited by IP address AND username, when they really should be limited by IP address OR username.
With the present configuration, submissions are limited by IP address, even when each person behind the firewall is logged in as a different user. Worse, they're ALSO limited by username, which means that a limited number of anonymous users can submit!
My patch adjusts the behavior from:
To:
That is, we'll only limit the submissions by IP when the user is not logged in.
Comment #2
quicksketchThis looks good. Could you create the patch using the unified format (using the -u tag)?
More info: http://drupal.org/diffandpatch
Thanks!
Comment #3
Nikkol commentedthis seems to be working for me as well. I'd like to see an option to not allow anonymous submissions at all, but I suppose this can be handled through node access.
Comment #4
quicksketch@Allie Micka, thanks for the contribution! Committed to HEAD and 4.7!
Comment #5
jsouth775 commentedThe user column name seems to be reserved in postgreSQL. Patch attached.
Comment #6
quicksketchThanks jsouth for catching this. Your patch seems to break the mySQL implementation :D
Does the above patch correct the problem in pgsql? If so I'll commit it. Thanks!
Comment #7
quicksketchThe last patch was applied some time ago. Closing.