Quote:
Originally Posted by Fou-Lu
If I guessed it, it would either stuff it into the session or forward the post data. Both options would be theoretically open for abuse; if you post and leave the browser open and login as a different user, than it automatically posts as that user instead. That said, no matter whether its through post or through session it should be invalidated once the browser is closed.
Edit:
Quick test shows that the post is forwarded through the form.
|
Okay, but back on track...
The scenario I was describing is one where there are 2 windows open.
One window has the "Send PM" form in it with an unsent message.
In another window, for whatever reason, the User was logged out.
So in Window #1, when they hit "Submit", I re-route them to a log in screen, thus losing the data I had saved in my original "sticky form".
It would seem that in that scenario, I should save the Form Data in a Session, so after they go from "send-pm.php" to "log-in.php" back to "send-pm.php" that their data is retained in the "Send PM" form?!
(I'm trying to figure out how to do this, and it is a real PITA figuring out the sequence of setting and unsetting variables?!)
BTW, I'm not using Ajax, so that isn't an option.
Debbie