hadoob024 Posted March 25, 2006 Share Posted March 25, 2006 I'm not sure why this is happening and I tried doing some searches, but I haven't come across anything. Basically, in "form.php" I have a form. And I process the form in "formprocess.php". Now, through my verifying/sanitizing, if there was a problem with information submitted, "formprocess.php" handles it, and then tells the user to click on the back button on the browser (or the one that I supply).Now here's the weird thing. If I don't use sessions, when the user clicks to go back to the form, their information is preserved in the form. However, if I try to add sessions to the page (as a hidden token to help prevent CSRF), if the user makes a mistake and has to go back to the form, their entered information is cleared. Has anyone seen this? I'm pretty sure it's the sessions that's doing it, because if I comment out the session code, it works fine and preserves the users inputted info on the form.Here's basically what I have on "form.php":[code]session_start();$secret = md5(uniqid(mt_rand(), true));$_SESSION['secret'] = $secret;<input type="hidden" name="secret" value="<?php echo $secret; ?>" />[/code]And on "formprocess.php":[code]session_start();if (!isset($_POST['secret'])) errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');if (($_SESSION['secret'] != $_POST['secret']) || (!isset($_SESSION['secret']))){ //Call error handling function with $problem = 2 (minor security breach) errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');}else{ //unset() session variable //unset($_SESSION['secret']);}[/code]What in this code could be causing the form fields to clear? Thanks!!! Quote Link to comment Share on other sites More sharing options...
hadoob024 Posted March 25, 2006 Author Share Posted March 25, 2006 I was just doing some reading and came across the setting "session.cache_limiter". Could this have anything to do with my problem? The manual doesn't have too much information on this, regarding whether or not I can use it to help with my problem. Anyone have any experience with it? Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.