Page 1 of 1

Session variables to store form processing information

Posted: Sun Nov 13, 2005 1:53 pm
by Cogs
Hi,

I've been playing with an idea for a while now and would like to know of any problems you can see with the following design:
  1. A form is generated from a template-like file
  2. In the template, processing information for each field, such as database column which to store the input and the filter/validate functions, are set
  3. When the template is parsed, the process information for each field is stored in session variables
  4. When the form is submitted it will be handled according to the stored information
Now, what issues might arise from this design? Could the session time out too quickly if the user is editing a particularly long form? What are the security concerns?

Any Constructive feedback would be appreciated :D

Posted: Mon Nov 14, 2005 12:15 am
by McGruff
I think my approach would be to skip session and just have a separate form processing script.

Anything you do store in sessions ought to be safe - but read up about session hijacking.