SESSIONS causing my form fields to clear



#1 hadoob024


Posted 25 March 2006 - 12:26 AM

I'm not sure why this is happening and I tried doing some searches, but I haven't come across anything. Basically, in "form.php" I have a form. And I process the form in "formprocess.php". Now, through my verifying/sanitizing, if there was a problem with information submitted, "formprocess.php" handles it, and then tells the user to click on the back button on the browser (or the one that I supply).

Now here's the weird thing. If I don't use sessions, when the user clicks to go back to the form, their information is preserved in the form. However, if I try to add sessions to the page (as a hidden token to help prevent CSRF), if the user makes a mistake and has to go back to the form, their entered information is cleared. Has anyone seen this? I'm pretty sure it's the sessions that are doing it, because if I comment out the session code, it works fine and preserves the user's inputted info on the form.

Here's basically what I have on "form.php":
<?php
//Start the session and store a token to compare against on submit
session_start();
$secret = md5(uniqid(mt_rand(), true));
$_SESSION['secret'] = $secret;
?>
<input type="hidden" name="secret" value="<?php echo $secret; ?>" />


And on "formprocess.php":
<?php
session_start();
//Reject requests that arrive without the hidden token
if (!isset($_POST['secret']))
     errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');
//Test isset() first so a missing session value is never read; !== avoids loose string comparison
if ((!isset($_SESSION['secret'])) || ($_SESSION['secret'] !== $_POST['secret']))
{
     //Call error handling function with $problem = 2 (minor security breach)
     errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');
}
else
{
    //unset() session variable
    //unset($_SESSION['secret']);
}



What in this code could be causing the form fields to clear? Thanks!!!


#2 hadoob024


Posted 25 March 2006 - 03:41 PM

I was just doing some reading and came across the setting "session.cache_limiter". Could this have anything to do with my problem? The manual doesn't have too much information on this, regarding whether or not I can use it to help with my problem. Anyone have any experience with it? Thanks.
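
Added example, not part of the thread or the poster's code: with the default "session.cache_limiter" value, "nocache", session_start() sends no-cache headers, so the Back button reloads "form.php" instead of restoring it with its fields. The file below sets the limiter before session_start(), keeps one token per session, and re-renders the form with the submitted values on error. The helper names csrf_token() and csrf_valid(), the single-file layout and the "title" field are assumptions.

```php
<?php
// Added example, not the poster's code. csrf_token(), csrf_valid() and the
// "title" field are hypothetical names chosen for illustration.

// Must run before session_start(). The default limiter, "nocache", sends
// Cache-Control: no-store, no-cache, so Back reloads the page with empty fields.
session_cache_limiter('private_no_expire');
session_start();

// One token per session, so a page restored by Back still carries a valid token.
function csrf_token(): string
{
    if (empty($_SESSION['secret'])) {
        $_SESSION['secret'] = bin2hex(random_bytes(32)); // CSPRNG, PHP 7+
    }
    return $_SESSION['secret'];
}

// Presence and type checks come first; hash_equals() compares in constant time.
function csrf_valid(): bool
{
    return isset($_SESSION['secret'], $_POST['secret'])
        && is_string($_POST['secret'])
        && hash_equals($_SESSION['secret'], $_POST['secret']);
}

$errors = [];
$title  = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid()) {
        http_response_code(403);
        exit('Invalid form token.');
    }
    // Accept only a string value; anything else is treated as empty.
    $title = is_string($_POST['title'] ?? null) ? trim($_POST['title']) : '';
    if ($title === '') {
        $errors[] = 'Title is required.';
    }
    if (!$errors) {
        exit('Saved.'); // placeholder for the real processing step
    }
}
?>
<?php foreach ($errors as $e): ?><p><?= htmlspecialchars($e) ?></p><?php endforeach; ?>
<form method="post">
  <input type="hidden" name="secret" value="<?= htmlspecialchars(csrf_token()) ?>" />
  <input type="text" name="title" value="<?= htmlspecialchars($title) ?>" />
  <input type="submit" value="Send" />
</form>
```

Because the form is re-rendered server-side with escaped values, the user never has to rely on the Back button; the limiter call only matters for users who press Back anyway.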



