Jump to content

SESSIONS causing my form fields to clear


hadoob024

Recommended Posts

I'm not sure why this is happening and I tried doing some searches, but I haven't come across anything. Basically, in "form.php" I have a form. And I process the form in "formprocess.php". Now, through my verifying/sanitizing, if there was a problem with information submitted, "formprocess.php" handles it, and then tells the user to click on the back button on the browser (or the one that I supply).

Now here's the weird thing. If I don't use sessions, when the user clicks to go back to the form, their information is preserved in the form. However, if I try to add sessions to the page (as a hidden token to help prevent CSRF), if the user makes a mistake and has to go back to the form, their entered information is cleared. Has anyone seen this? I'm pretty sure it's the sessions that's doing it, because if I comment out the session code, it works fine and preserves the users inputted info on the form.

Here's basically what I have on "form.php":
[code]
session_start();
$secret = md5(uniqid(mt_rand(), true));
$_SESSION['secret'] = $secret;
<input type="hidden" name="secret" value="<?php echo $secret; ?>" />
[/code]


And on "formprocess.php":
[code]
session_start();
if (!isset($_POST['secret']))
     errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');
if (($_SESSION['secret'] != $_POST['secret']) || (!isset($_SESSION['secret'])))
{
     //Call error handling function with $problem = 2 (minor security breach)
     errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');
}
else
{
    //unset() session variable
    //unset($_SESSION['secret']);
}
[/code]



What in this code could be causing the form fields to clear? Thanks!!!
Link to comment
Share on other sites

I was just doing some reading and came across the setting "session.cache_limiter". Could this have anything to do with my problem? The manual doesn't have too much information on this, regarding whether or not I can use it to help with my problem. Anyone have any experience with it? Thanks.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.