View Full Version : Best way to approach this??

04-29-2009, 04:17 PM
What would be the best approach to accomplish these goals.

I am trying to create a bit of security and i don't want a person to be able to access a page unless they have gone through the main page first. So i have a main page, and then a _parent page that pops up once the user clicks submit. But i don't want that page viewable unless they have seen the main page first.

At no time should the second page be viewable unless the main page has been submitted.. Best way to do this? Random Encrypted keys or passwords??

04-29-2009, 04:48 PM
In the server side code (like PHP) when the form is posted and valid (server side validation), issue something like a session variable or even a cookie (session is better IMHO).

Then in your other page, if the session variable is unissued or invalid, redirect (and stop page code execution) the user to your main page...

04-29-2009, 05:03 PM
Yea, i was reading up about sessions, but how can i make sure its the same session. So i have the main page ---> submit button --> Page2

I am assuming i will have a unique session value on the main page.. and once the submit is pushed.. how can i check, on Page2, if its the same session variable? Confused a little bit.. Are there any hidden attributes i can pass from the main page?

04-29-2009, 05:32 PM
Consider managing your sessions on the database side.

In fact, even better, consider not using the SessionID object at all, and instead manage database record(s) that will resemble a session. You can generate a GUID that will be the actual unique ID.

04-29-2009, 07:07 PM
I would prefer to stay away from the database side.. and just stick with sessions.

04-29-2009, 07:45 PM
Sessions are like cookies... It's website persistent as long as the browser is open (or shorter if you decide).

You could post something unique in the session ($_SESSION work just like arrays once started) like a MD5 of the username... It depends of you design and situation.

04-30-2009, 04:09 PM
How would i go about that? Javascript? and then how can i get that from the new window opened?

04-30-2009, 06:10 PM
Sessions are server side variables... Used in PHP you yould use $_SESSION.

A good start is: