SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Addict darkwater23's Avatar
    Join Date
    Nov 2005
    Location
    Omaha, NE
    Posts
    335
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Design issue with multi-page form

    Hello!

    I have a task to divide up a HUGE one page college application form into five pages.

    Each page submits to itself, moves the posted data into $_SESSION, does server-side validation on user input and, if it all is well, it uses header() to move the user to the next page.

    I like this technique because its easy to roll all the $_POST data into the $_SESSION array and the form pages repopulate the input fields if the session variable exists.

    The problem is I only destroy the session at the end once all validation and processing is complete. My boss doesn't like the fact that you can open an incomplete app before the session expires and the form recovers the session data.

    I'm not sure what to do about that. Do I need to do anything about that?

  2. #2
    SitePoint Enthusiast monkey56657's Avatar
    Join Date
    Jun 2007
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    Perhaps you could generate a unique ID, have it stored in a session variable...Then direct the user with the header and the UID in the url...

    This way when they come to the next page if the UID in the url and the session UID generated a millisecond before when you sent the header() command dont match then you know that the user has come to the page from a page other than the one they were supposed and can clear the session data for that page?

    Then because the user should have visted the new page instantly after submitting the last page we can simply generate a new session UID ...this meaning that if the users visits the second page again the UID's in url and in session wont match up.

    Understand? Sorry my explain isnt very good.

  3. #3
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You probably should shorten the session expire time or for that app alone set up a custom session system that will work the same but have a very short session expire time. Despite your boss's concerns, this is far better than having incomplete data from submissions in your database.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •