Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New Coder
    Join Date
    Nov 2008
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Best way to approach this??

    What would be the best approach to accomplish these goals.

    I am trying to create a bit of security and i don't want a person to be able to access a page unless they have gone through the main page first. So i have a main page, and then a _parent page that pops up once the user clicks submit. But i don't want that page viewable unless they have seen the main page first.

    At no time should the second page be viewable unless the main page has been submitted.. Best way to do this? Random Encrypted keys or passwords??

  • #2
    Regular Coder
    Join Date
    Oct 2008
    Posts
    214
    Thanks
    5
    Thanked 22 Times in 22 Posts
    In the server side code (like PHP) when the form is posted and valid (server side validation), issue something like a session variable or even a cookie (session is better IMHO).

    Then in your other page, if the session variable is unissued or invalid, redirect (and stop page code execution) the user to your main page...

  • #3
    New Coder
    Join Date
    Nov 2008
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yea, i was reading up about sessions, but how can i make sure its the same session. So i have the main page ---> submit button --> Page2


    I am assuming i will have a unique session value on the main page.. and once the submit is pushed.. how can i check, on Page2, if its the same session variable? Confused a little bit.. Are there any hidden attributes i can pass from the main page?

  • #4
    Regular Coder
    Join Date
    Apr 2009
    Posts
    244
    Thanks
    1
    Thanked 20 Times in 20 Posts
    Consider managing your sessions on the database side.

    In fact, even better, consider not using the SessionID object at all, and instead manage database record(s) that will resemble a session. You can generate a GUID that will be the actual unique ID.

  • #5
    New Coder
    Join Date
    Nov 2008
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I would prefer to stay away from the database side.. and just stick with sessions.

  • #6
    Regular Coder
    Join Date
    Oct 2008
    Posts
    214
    Thanks
    5
    Thanked 22 Times in 22 Posts
    Sessions are like cookies... It's website persistent as long as the browser is open (or shorter if you decide).

    You could post something unique in the session ($_SESSION work just like arrays once started) like a MD5 of the username... It depends of you design and situation.

  • #7
    New Coder
    Join Date
    Nov 2008
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    How would i go about that? Javascript? and then how can i get that from the new window opened?

  • #8
    Regular Coder
    Join Date
    Oct 2008
    Posts
    214
    Thanks
    5
    Thanked 22 Times in 22 Posts
    Sessions are server side variables... Used in PHP you yould use $_SESSION.

    A good start is:
    http://docs.php.net/manual/en/functi...sion-start.php


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •