View Full Version : Sessions and Cookies

12-17-2004, 02:01 AM
I really need help. If there is anyone out there that can help me...please please...

I love what a 'session' can do for me. I have a multi page form that requires authentication to access. I have it set up and validating against the database, using the session I carry the id over from one form to the next. I intend to use the session id capability to also direct a user should he leave the site and come back at a later time to send him to the form he needs to complete, or at least list the forms he has not completed.

Can't use cookies. Client won't allow users to enable cookies. What can I do? I can't authenticate without them or move data from one form to the other without sending it to the http, right? Also, am really struggling with how to set up the redirect...
Client is concerned about security, so I feel that sending the querystring to the url isn't my best option. I've also looked in to the IP for authentication, but I can't guarantee that the IP will be stable...

Ideas? PLEASE??? :eek: :eek:

12-17-2004, 03:57 PM
Without user registration, it's tricky. Put a "please enter a password for future access" field in there and all you have to do is drop them into a database. But yeah, without cookies all you have to identify users as they arrive is IP, which as you point out isn't always reliable.

12-17-2004, 10:01 PM
Let's assume the client can be convinced of the need for 'sessions'

Can anyone give me guidance on the best route to redirect?

Let's say a user fills out the first 2 of 5 forms and then abandons their session.

When they return to the site, they will obviously have to log back in.

I want to be able to use their sessionID to determine where to send them (in this case form 3) without having stored a cookie on their machine...since some of my users might come back from a different machine all together.

So, I've set up each form to note in the db the submit button, then created a query within the db to note the ID and the submit from each individual form.

Can't I do a query based on this and say, if form 3's submit field is empty for this ID then redirect to form 3? (and of course, if the ID doesn't even show up in the query, start them at the beginning...)


12-20-2004, 09:36 AM
Hi Sker,
You're right, you can't trust cookies.
Why don't you create a field in the database where you can store values informing you of the different stages of completion for each user? You could store numbers say 1-6, so when the user finishes a form, as you are writing to the database you're also writing the value. Then when the user logs in, as you are validating his password, you are also reading the value so you'll just redirect him to the appropriate page. I believe this will work cos i used something like this for a project I worked on.