Skip to content

[Bug] [SECURITY] Face Recognition Attendance Allows Multiple Concurrent Verification Requests #3907

Description

@VishnuVardhanCodes

🐛 Describe the bug

During face recognition attendance, users can trigger multiple verification requests before the first verification process finishes.

This may result in duplicate attendance submissions, unnecessary API calls, and increased backend load.

Current Behavior

  • Multiple verification requests run simultaneously.
  • Duplicate attendance records may be generated.
  • Face recognition APIs receive redundant requests.

Expected Behavior

  • Only one verification request should be processed at a time.
  • Additional requests should be ignored until verification completes.
  • Attendance should only be marked once per session.

Possible Areas to Investigate

  • Face recognition workflow
  • API request locking
  • Attendance submission validation
  • Client-side request throttling

Severity

High

Suggested Fix

Implement request locking, debounce verification requests, and validate attendance on the server before insertion.

Metadata

Metadata

Labels

bugSomething isn't working

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions