How to prevent other users from intercepting "/form-waiting/{id}" and completing the next form page?

Describe the problem/error/question

Hello,

I’ve built a multi-step form using Form Trigger > Next Form Page > Form Ending.
However, I’ve found a potential issue.

After the first form submission, the workflow moves to a Next Form Page (served under /form-waiting/{number}).
Until the original user submits that page, anyone who guesses or changes the numeric ID in the URL can access that intermediate form and complete it themselves.

In my case, the next page even displays the values entered in the first form.
So if someone intercepts it, they can both view and overwrite another user’s data.

I’d like to keep the multi-step form behavior but prevent this kind of interception.

Is there a built-in way to protect the /form-waiting/{id} page or replace the sequential numeric ID with a UUID or another opaque token?

If not, what’s the recommended approach to ensure only the original user can continue their own form session?
(e.g., using short-lived signed tokens, requiring authentication on the Next Form Page, or redirecting through a protected webhook)

Thanks for any guidance or best practices! 🙂

What is the error message (if any)?

Please share your workflow

Share the output returned by the last node

Information on your n8n setup

  • n8n version: 1.114.4
  • Database (default: SQLite): SQLite
  • n8n EXECUTIONS_PROCESS setting (default: own, main): own, main
  • Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
  • Operating system: Ubuntu 24.04.3 LTS

Yes, I believe this is a limitation when using Next Form Page. Even if you start a form using a token, for example:

https://n8n.example.com/form/form-path?token=something

when the Next Form Page node is used, you’ll always be redirected to the path /form-waiting/{id} without any parameters, so it’s not possible to use any authentication logic.

A possible workaround is to always use a Form Ending node that redirects to another form with auth logic. Not ideal, but it should work, I guess.

2 Likes
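One way to combine the short-lived signed token from the question with the Form Ending redirect workaround above, shown as an added example that is not part of the original thread and not n8n's own code. The names `issueToken`, `verifyToken` and `FORM_TOKEN_SECRET`, the record id and the 10-minute lifetime are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: secret lives server-side only. FORM_TOKEN_SECRET is a hypothetical
// variable name; without it a random per-process key is used (tokens die on restart).
const SECRET = process.env.FORM_TOKEN_SECRET || crypto.randomBytes(32);
const TTL_SECONDS = 600; // constructed value: 10 minutes to finish step 2

const nowSeconds = () => Math.floor(Date.now() / 1000);
const sign = (payload) =>
  crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');

// End of step 1: bind the token to the stored step-1 record and an expiry,
// then append it to the Form Ending redirect URL as ?token=...
function issueToken(recordId, now = nowSeconds()) {
  const claims = { rid: recordId, exp: now + TTL_SECONDS };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Start of step 2: returns the record id the token was issued for, or null.
// The caller loads step-1 data by this id only, never by an id from the URL.
function verifyToken(token, now = nowSeconds()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Constant-time compare; check length first because timingSafeEqual throws on mismatch.
  if (expected.length !== given.length) return null;
  if (!crypto.timingSafeEqual(expected, given)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp < now) return null;
  // Still replayable until exp; mark rid as consumed in storage for single use.
  return typeof claims.rid === 'string' ? claims.rid : null;
}
```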

Thank you for your help. 🙂
I will proceed based on your suggestion.

+) I think it would be good for the n8n team to consider using UUIDs in the future to prevent such issues.

1 Like
