hadoob024

SESSIONS causing my form fields to clear

I'm not sure why this is happening and I tried doing some searches, but I haven't come across anything. Basically, in "form.php" I have a form. And I process the form in "formprocess.php". Now, through my verifying/sanitizing, if there was a problem with information submitted, "formprocess.php" handles it, and then tells the user to click on the back button on the browser (or the one that I supply).

Now here's the weird thing. If I don't use sessions, when the user clicks to go back to the form, their information is preserved in the form. However, if I try to add sessions to the page (as a hidden token to help prevent CSRF), if the user makes a mistake and has to go back to the form, their entered information is cleared. Has anyone seen this? I'm pretty sure it's the sessions that are doing it, because if I comment out the session code, it works fine and preserves the user's inputted info on the form.

Here's basically what I have on "form.php":
[code]
<?php
session_start();
// Per-request token: stored in the session and echoed into the hidden field
$secret = md5(uniqid(mt_rand(), true));
$_SESSION['secret'] = $secret;
?>
<input type="hidden" name="secret" value="<?php echo $secret; ?>" />
[/code]


And on "formprocess.php":
[code]
<?php
session_start();
// A request without the hidden token did not come from the form
if (!isset($_POST['secret']))
     errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');
// Test isset() first so a missing session value is never read; compare strictly
if ((!isset($_SESSION['secret'])) || ($_SESSION['secret'] !== $_POST['secret']))
{
     //Call error handling function with $problem = 2 (minor security breach)
     errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');
}
else
{
    //unset() session variable
    //unset($_SESSION['secret']);
}
[/code]



What in this code could be causing the form fields to clear? Thanks!!!

I was just doing some reading and came across the setting "session.cache_limiter". Could this have anything to do with my problem? The manual doesn't have too much information on this, regarding whether or not I can use it to help with my problem. Anyone have any experience with it? Thanks.

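An added example, not part of the original thread and not the poster's code: one way to keep a session-backed CSRF token without depending on the browser's Back button, by having the handler redisplay the form with the submitted values. The single-script layout, the `title` field and the messages are hypothetical, and PHP 7+ is assumed for `random_bytes()` and `??`.

```php
<?php
// Added example, not the poster's code. Hypothetical single "title" field;
// form and handler share one script. Assumes PHP 7+.

// With the default session.cache_limiter ("nocache"), session_start() sends
// "Cache-Control: no-store, no-cache, must-revalidate" and an expired Expires
// header, which tell the browser not to reuse its stored copy of the page.
// This script keeps that default and redisplays the input itself.
session_start();

// One token per session, created on first use, from a CSPRNG.
if (empty($_SESSION['secret'])) {
    $_SESSION['secret'] = bin2hex(random_bytes(32));
}

$errors = [];
$title  = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = $_POST['secret'] ?? '';
    // Constant-time comparison; is_string() rejects array input (secret[]=x).
    if (!is_string($sent) || !hash_equals($_SESSION['secret'], $sent)) {
        http_response_code(403);
        exit('Invalid form token.');
    }
    $title = is_string($_POST['title'] ?? null) ? trim($_POST['title']) : '';
    if ($title === '') {
        $errors[] = 'Title is required.';
    }
    if (!$errors) {
        exit('Saved.'); // hypothetical success path
    }
}

// Output-encode everything echoed back into the page.
$e = function ($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); };
?>
<?php foreach ($errors as $msg): ?>
<p class="error"><?php echo $e($msg); ?></p>
<?php endforeach; ?>
<form method="post" action="">
  <input type="hidden" name="secret" value="<?php echo $e($_SESSION['secret']); ?>" />
  <input type="text" name="title" value="<?php echo $e($title); ?>" />
  <input type="submit" value="Send" />
</form>
```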
