Preventing workflow manipulation

Is there a way to prevent a user from opening the same page on multiple devices and then clicking the same button simultaneously in all of them?
An example would be a “withdraw funds” button. The user can open two browsers and click the withdraw funds button at the same time. The workflow condition will allow it on both browsers because the DB hasn’t changed yet and then the payment will be issued twice.


Hi there, @mano… maybe this thread could help?

Before I found that thread, I was thinking of a pretty “heavy-handed” approach (which is similar to the thread in some ways) that sets a yes/no field on the user to yes when the button is clicked, and the button is disabled when the user’s yes/no field is yes. Then, you could possibly use a database trigger to set the user’s yes/no field back to no when something else is updated, and the button would become clickable again.

Anyway, hope this stuff helps, even if it’s just food for thought.

Best…
Mike

This is not a possible solution, because it’s not about button states. You also can’t rely on a DB flag since the workflows run asynchronously and the condition might run on both of the workflows before the DB change occurs, so two workflows can run at the same time on two different browsers even with a DB flag.

My two cents:

Schedule the workflow to check 15 seconds later (or later) if any recent item has been created in the last 15 seconds. If yes then stop. If no then proceed.

Have the button be not clickable for as long as needed once the transaction has been checked for duplicates or triplicates…

This is me thinking out loud … Have not tried it or thought through likely quirks on this idea …

That won’t work if they both check at the same time if an item was created 15 seconds ago and the answer is no and then they both create an item.

Do not let the payment go if an item is found to have been created 15 secs ago and flag it for someone to check it.

Did a workaround a while ago in a project.
It was a wallet withdraw funds.

E.g:
Wallet database → Field: withdrawed type: yes/no.

Add condition to the withdraw button: Only when → Withdrawed is no
When withdraw button is pressed → First workflow: Make a change to thing → That wallet record → withdrawed yes → Next workflows: (scheduled api…) / Custom workflow


However, I recommend creating an extra API backend security layer that verifies each unique transaction (and cancels duplicates) before transferring the funds. It’s pretty easy to do and it’s the best thing you can do for this specific case.


Thanks for the suggestion for an extra API backend.
Your workaround doesn’t guarantee that the workflow won’t be fired twice. Workflows are not atomic and the button condition can pass twice on two different browsers before the field is changed to yes.

Yes, that’s why I suggested the back-end.

There are multiple ways to work around and click buttons that have “x” conditions that should be not clickable or hidden. That’s why you should never “rely on conditions” for this specific scenario.
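
One way to build the back-end check suggested in this thread, as an added example that is not code from any poster: the balance check and the debit happen in a single atomic statement, and a unique request key rejects replays of the same click. The table and column names, the `request_id` idempotency key, and the use of SQLite as a stand-in for the payment back end's database are all assumptions.

```python
import sqlite3, threading

SCHEMA = """
CREATE TABLE IF NOT EXISTS wallet (id INTEGER PRIMARY KEY,
    balance INTEGER NOT NULL CHECK (balance >= 0));
CREATE TABLE IF NOT EXISTS withdrawal (request_id TEXT PRIMARY KEY,
    wallet_id INTEGER NOT NULL, amount INTEGER NOT NULL);
"""

def connect(path):
    # isolation_level=None: transactions are opened and closed explicitly below.
    conn = sqlite3.connect(path, timeout=10, isolation_level=None)
    conn.executescript(SCHEMA)
    return conn

def withdraw(conn, wallet_id, amount, request_id):
    """Return 'paid', 'duplicate' or 'insufficient'; never debits twice."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    conn.execute("BEGIN IMMEDIATE")  # take the write lock before any check
    try:
        # Same request_id replayed (retry, double submit): the primary key rejects it.
        conn.execute("INSERT INTO withdrawal VALUES (?, ?, ?)",
                     (request_id, wallet_id, amount))
        # Check and debit in ONE statement, so there is no gap between them.
        cur = conn.execute(
            "UPDATE wallet SET balance = balance - ? WHERE id = ? AND balance >= ?",
            (amount, wallet_id, amount))
        if cur.rowcount != 1:  # not enough funds, or no such wallet
            conn.execute("ROLLBACK")
            return "insufficient"
        conn.execute("COMMIT")
        return "paid"
    except sqlite3.IntegrityError:
        conn.execute("ROLLBACK")
        return "duplicate"

def simultaneous_clicks(path, wallet_id, amount, clicks=2):
    """Constructed scenario: each 'browser' is a thread with its own connection and request_id."""
    results, gate = [], threading.Barrier(clicks)
    def click(n):
        conn = connect(path)
        gate.wait()  # release all clicks at the same moment
        results.append(withdraw(conn, wallet_id, amount, f"req-{n}"))
        conn.close()
    threads = [threading.Thread(target=click, args=(n,)) for n in range(clicks)]
    for t in threads: t.start()
    for t in threads: t.join()
    return sorted(results)
```

Two devices send different request keys, so the key alone does not stop the double payout described in the question; the conditional `UPDATE` is what makes the second request fail once the funds are gone.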
