Vulnerability in EPiServer.Forms
We've installed the 'Episerver Connect for Marketing Automation' package into a website we're developing. The integration works insofar as we have a 'SilverPop Submit Email' form that does successfully submit an email entered by a user that pops up in the Silverpop database.
The problem is... if a different email is then later entered into the same form... it replaces the previous entry. This must not happen. Subsequent posts, even from the same machine, must be recorded separately (if different email).
The email is set up as a Unique ID key... so I've no idea why this is happening? I recently created a piece of code that submitted contact info to Silverpop via a .NET Web API call... this allowed me to specify a field called 'UPDATE_IF_FOUND'... that I could use to prevent updates if the key field is the same... but this automated add-on seems to have no such features... and the key value is not even the same anyway... the emails submitted are different!?
It seems to be connected to the website location somehow? We have a couple of different servers (Test vs. UAT) that if I enter an email on one then the other... it correctly records them as two separate entries in the Silverpop database.
Any ideas on how we can fix this situation?
The problem you have here is that Silverpop uses a Unique ID written into a cookie to identify the user - this is how it is able to capture progressive forms. Obviously it can't store the email address in the cookie, that would be a security risk, and so it uses a generic ID. Possibly a GUID, if I recall correctly. As far as the email goes, it may be stored as unique, but it's not technically the ID of a user.
In order to uniquely identify a 'brand new user', you really need to dump the cookies. That's the proper way to do it. If you don't do that, it will require some serious jiggery pokery to catch a different email and somehow mask or change the user's unique ID as it goes through the system.
As for different servers, the cookie will be domain specific so it won't remember your unique ID across Test / UAT etc, which is why that gives you two separate entries.
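A minimal model of the behaviour described in the answer above, added here as an illustration and not code from Episerver, Silverpop or either poster. The class names, host names and visitor ID format are assumptions; the real service's storage logic is not shown on this page.

```javascript
// Simplified model (assumption): the tracking backend keys each contact on
// the visitor ID held in a host-scoped cookie, not on the submitted email.

class Browser {
  constructor() {
    this.jar = new Map(); // host -> visitor ID cookie value
  }
  clearCookies() {
    this.jar.clear();
  }
}

class ContactStore {
  constructor() {
    this.contacts = new Map(); // visitor ID -> contact record
    this.nextId = 1;
  }

  // Form post handler: reuse the visitor ID from the cookie if the browser
  // sent one for this host, otherwise issue a new one and set the cookie.
  submit(browser, host, email) {
    let visitorId = browser.jar.get(host);
    if (!visitorId) {
      visitorId = `visitor-${this.nextId++}`; // constructed ID, stands in for a GUID
      browser.jar.set(host, visitorId);
    }
    // Upsert keyed on visitor ID: a second email from the same browser
    // replaces the first rather than creating a new contact.
    this.contacts.set(visitorId, { email, host });
    return visitorId;
  }

  emails() {
    return [...this.contacts.values()].map((c) => c.email).sort();
  }
}

function demo() {
  const store = new ContactStore();
  const browser = new Browser();
  store.submit(browser, "test.example", "a@example.com");
  store.submit(browser, "test.example", "b@example.com"); // overwrites a@
  const sameHost = store.emails();
  store.submit(browser, "uat.example", "c@example.com"); // other host, new cookie
  const twoHosts = store.emails();
  browser.clearCookies();
  store.submit(browser, "test.example", "d@example.com"); // fresh ID after clearing
  return { sameHost, twoHosts, afterClear: store.emails() };
}

console.log(demo());
```

The three snapshots correspond to the three cases in the thread: same browser and host, a second host, and the same host after the cookies are cleared.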