sessions and cookies

pradeepjain
Hi,
I am starting to learn about sessions and cookies... I need some help or suggestions.

I have a form wherein a user fills in the form, then previews it on the second page, and then submits the form from the preview page. A thanks message is then shown on the 3rd page after submission.

Now I don't want the user to go to the 2nd page directly by knowing the URL, because he can skip the JavaScript validation. And after submission, when the thanks message gets displayed, the session must expire, because when he refreshes the page the form submission gets done again.


thanks,
Pradeep
Aug 2 '08 #1
Hello,

You mustn't rely on JavaScript validation. That's just a guide to prevent the user from submitting the page multiple times and getting error messages. JavaScript helps the user by displaying error messages as soon as possible.

Your first page must contain form validation JavaScript to help the user, and the form method should be POST to the second page.

The second page should begin with session_start(), then it should validate the form elements (you have to validate everything on the server again). If the input is OK, put all the input elements in an associative array and then put the array in $_SESSION:

    session_start();
    if (empty($_POST['first_name'])) {
        header('Location: page1.php'); // if the user tried to trick us by messing with the JavaScript, send him back!
        exit; // header() does not stop the script, so end it here
    }
    if (empty($_POST['last_name'])) {
        header('Location: page1.php'); // if the user tried to trick us by messing with the JavaScript, send him back!
        exit; // otherwise the empty value would still be stored in the session
    }
    $user_data = array(
      'first_name' => $_POST['first_name'],
      'last_name' => $_POST['last_name']
      );
    $_SESSION['page1_input'] = $user_data;

Then you echo the confirmation HTML, with a form that doesn't contain any input elements and just redirects the user to page3.php.

The third page should also begin with session_start() because ALL the pages that want to work with session variables need to initialize the session when they're requested. Then it should use the information in $_SESSION:

    session_start();
    if (!isset($_SESSION['page1_input'])) {
        header('Location: page1.php'); // user tried to load this page directly, without passing through pages 1 and 2.
        exit; // without this the script would carry on and process missing data
    }
    processInformationInUserDataAssociativeArray($_SESSION['page1_input']);
    unset($_SESSION['page1_input']); // a refresh of this page now finds nothing to resubmit

And now it should say thanks.

Keep in mind that anyone can disable JavaScript on their browser and anyone can replace YOUR JavaScript with THEIR own JavaScript code! Anyone can easily emulate form submission with both the GET and POST method and they can even emulate the form as being posted from your own domain when it's not. Never say "never," there's always some idiot trying to mess with your website to steal information, so you should follow at least the steps I've posted above.
If you have any questions regarding this process, let me know :)

Hope this helps,
Tom
Aug 2 '08 #2
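
The three-page flow described in the answer above, as an added example that is not part of the original thread. The function names `handlePreview` and `handleSubmit` are hypothetical, the session is modelled as a plain array so the script runs from the command line, and escaping the preview output with `htmlspecialchars()` is an addition the thread does not mention.

```php
<?php
// Added example (not from the thread). Request and session data are passed
// in as arrays so the flow runs from the CLI; real pages would call
// session_start() and pass $_POST and $_SESSION.

// Page 2 (preview): re-validate on the server, store only valid input.
function handlePreview(array $post, array &$session): array
{
    unset($session['page1_input']);                  // drop any stale preview
    $clean = [];
    foreach (['first_name', 'last_name'] as $f) {    // fields from the thread
        $value = isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
        if ($value === '') {
            return ['redirect' => 'page1.php'];      // caller: header(), then exit
        }
        $clean[$f] = $value;
    }
    $session['page1_input'] = $clean;
    $html = '';
    foreach ($clean as $name => $value) {
        // The preview echoes user input, so escape it for HTML output.
        $html .= '<p>' . htmlspecialchars("$name: $value", ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return ['html' => $html];
}

// Page 3 (submit): consume the stored input exactly once.
function handleSubmit(array &$session, callable $process): array
{
    if (!isset($session['page1_input'])) {
        return ['redirect' => 'page1.php'];          // direct load or refresh
    }
    $data = $session['page1_input'];
    unset($session['page1_input']);                  // clear before processing
    $process($data);
    return ['html' => "<p>Thanks!</p>\n"];
}

// Constructed walk-through using an in-memory session array.
$session = [];
$saved = [];
$store = function (array $d) use (&$saved) { $saved[] = $d; };

var_dump(handleSubmit($session, $store));   // page 3 requested directly
var_dump(handlePreview(['first_name' => '<b>Ann</b>', 'last_name' => ''], $session));
var_dump(handlePreview(['first_name' => '<b>Ann</b>', 'last_name' => 'Lee'], $session));
var_dump(handleSubmit($session, $store));   // normal submit from the preview
var_dump(handleSubmit($session, $store));   // browser refresh of page 3
var_dump(count($saved));                    // how many times data was processed
```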
