- Issue created by @phonkala
- Status changed to Needs work
about 1 month ago 3:26pm 8 September 2025 - 🇺🇸United States jrockowitz Brooklyn, NY
We need to create an example webform that can be used to replicate the issue.
I've been using Webform module for my current project for over a year. For every webform submission, we send confirmation email to the user, with the tokenized UPDATE URL for quick access to edit the submission. We also limit most forms to 1 submission per user.
It's been a long time since I actually clicked those tokenized update links, but realized today they now require you to login. This seems to happen only when the form has the option "Limit users to one submission per webform/source entity" checked. VIEW and DELETE links work perfectly fine without logging in.
Is this intended or could this be a bug? I'm pretty sure I have used those links when we first added them to emails and had the submissions limited to 1 per user per webform even then, but I cannot be 100% sure of this. But anyways, aren't those links supposed to bypass other access control, so unless the approach has changed, they should work without logging in?
Active
6.2
Code
We need to create an example webform that can be used to replicate the issue.