Multipage forms and data SESSIONS vs HIDDEN

I am working on a 2-page form that sends POST requests to a database. Read only, no writes. None of this data is confidential, and none of it will be.

The site must be 100% incompatible with JS, so Ajax, etc. are unavailable. All I got is PHP, baby!

FORM-2 content depends on the proportion of data in FORM-1, but ALL data in FORM-1 must also be sent with the final request contained in FORM-2.

It occurred to me that I can transfer data from FORM-1 to FORM-2 two different ways:

1) Send FORM-1 variable data to SESSION
2) Send FORM-1 variable data to hidden fields on FORM-2

They seem to be about equally complex / easy to implement, so I'm curious about security, etc.

Also, in any case, if I go FORM-1 -> FORM-2 -> Results and I don't like my results, can I hit the Back button twice to get to FORM-1 and still have all the data filled in, etc.?

+4
1 answer

Technically, sessions violate the "statelessness" of the website, and the other option is preferable. If security, or the danger of someone submitting form 2 from their own server with self-created values for form 1, is really a problem, you can encrypt the data when form 1 is submitted and save the encrypted data in a hidden field in form 2 (using the mcrypt libraries - I have some sample code).

In addition, if we are being pedantic, the "Back" button should not work with a POSTed form, as this will create problems with creating or destroying resources twice. But I think that most modern browsers support it - this is a function of the browser, not the server, although you can do things like requiring a unique value for each view to stop it.

But realistically, almost everyone uses session cookies almost all the time. It is much simpler, there are many examples, and it is relatively safe.

+5
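
The hidden-field approach from the answer, as an added example that is not part of the original answer or its sample code: it uses PHP's bundled sodium extension (PHP 7.3+ here) instead of mcrypt, which was removed from PHP core in 7.2, and the authentication tag lets the FORM-2 handler reject self-created values. The function names, the field name `form1`, the sample values and the 30-minute lifetime are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: in a real site the key is generated once with
// sodium_crypto_secretbox_keygen() and loaded from server-side config.
// It never leaves the server.

/** Encrypt and authenticate FORM-1 data for a hidden field on FORM-2. */
function seal_form1(array $form1, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = json_encode(['iat' => time(), 'data' => $form1], JSON_THROW_ON_ERROR);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

/** Return the FORM-1 data, or null if the field was altered, forged or too old. */
function open_form1(string $field, string $key, int $maxAge = 1800): ?array
{
    $raw = base64_decode($field, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;                       // not something this server produced
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        return null;                       // authentication tag did not verify
    }
    $msg = json_decode($plain, true);
    if (!is_array($msg) || !isset($msg['iat'], $msg['data'])
        || time() - (int) $msg['iat'] > $maxAge) {
        return null;                       // malformed or expired
    }
    return $msg['data'];
}

// Constructed demo values, not data from the original question.
$key   = sodium_crypto_secretbox_keygen();
$field = seal_form1(['region' => 'north', 'year' => '2011'], $key);

// What FORM-2 would carry back to the server on submit.
echo '<input type="hidden" name="form1" value="'
    . htmlspecialchars($field, ENT_QUOTES) . '">' . "\n";

var_dump(open_form1($field, $key));        // untouched field round-trips

$raw = base64_decode($field);
$raw[30] = chr(ord($raw[30]) ^ 1);         // simulate a client editing the field
var_dump(open_form1(base64_encode($raw), $key));
```

The timestamp only bounds how long a sealed field stays valid; a field can still be resubmitted unchanged within that window, which is harmless for a read-only query.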

Source: https://habr.com/ru/post/1302704/

