PHP Developers Network

[Tokunbo]

hello sirs,

Please could you help me out with a session problem.

Like, I have 3pages (page1.php, page2.php, page3.php).

I use sessions between page1 and page2.

Page1 - a user fills up a form
Page2 - the user fills up his contact details, and hits a submit button which processes the data to be sent by email.
Page3 - a thank you page.

Now I discovered that after page3, when I go back to page1, the original data is still there.

I googled on the net and what I understand is the session has to be destroyed. My question is: when is most ideal for the session to be destroyed. For ex: the user is filling up page2 and he remembers something to update on page1, etc

Can I destroy the session on page1 immediately after the user hits the submit button on page3?

How?
Or what better way can the above be professionally handled.

regards
Toks

[Celauran]

I'm not even sure where or why sessions are coming into play here. If you're just moving around form data, why not just use POST? At any rate, if page3 is just a thank you page and everything has already been submitted, then that seems a suitable place to unset the various session variables.

[Tokunbo]

@Celauran
thanks for the reply.

Are you saying I shoudnt have used sessions.

What I have is this:

A user selects options on a form (pull down menu) and clicks "add to cart". The info is stored into the db using the present SessionID as a reference. When the user is done, he clicks a submit button to go to a form where he can fill up his name, etc. Then hits the submit button. The thank you page now appears.

The only problem is: from the thank you page / any other page on the menu, coming back to the form page still shows the content of the cart. So im thinking since the session is still there and Im using it to reference the previously selected elements in the form, so its displayed.

From the thank you page, ive tried to figure out how I can reset the sessionID of the form index page.

I googled and found the sesssion_regenerate_id() command, however its not compatible with my form, since it posts into itself. This just means I would never be able to display the contents of my cart.

Please advise.

[x_mutatis_mutandis_x]

Just using 3 pages may not be an ideal solution. See below a pseudo code.

Page1.php:

Syntax: [ Download ] [ Hide ]

Syntax: [ Download ] [ Show ]

<html>
<? if ($_SESSION[page1_error] ) { ?>
<font color=red><? echo $_SESSION[page1_error]; $_SESSION[page1_error] = false;?></font>
<? } ?>
<form name=user_form action=processPage1.php>....</form>...</html>
 

processPage1.php:

Syntax: [ Download ] [ Hide ]

Syntax: [ Download ] [ Show ]

Validate data submitted from Page1.
If valid {
$_SESSION[page1_data] = the data submitted from Page1
$_SESSION[page1_error] = false;
header(Location:Page2.php);
} else {
unset($_SESSION[page1_data]);
$_SESSION[page1_error] = the error message you want to show
header(Location:Page1.php);
}
 

Page2.php:

Syntax: [ Download ] [ Hide ]

Syntax: [ Download ] [ Show ]

if (! isset($_SESSION[page1_data])) {
header(Location:Page1.php);
exit;
}
<html>...
<? if ($_SESSION[page2_error] ) { ?>
<font color=red><? echo $_SESSION[page2_error]; $_SESSION[page2_error] = false;?></font>
<? } ?>
<form name=user_form action=processPage2.php>....</form>...</html>
 

processPage2.php:

Syntax: [ Download ] [ Hide ]

Syntax: [ Download ] [ Show ]

Validate data submitted from Page2.
If valid {
$_SESSION[page2_data] = the data submitted from Page2
$_SESSION[page2_error] = false;
try {
saveToDatabase($_SESSION[page1_data]);
saveToDatabase($_SESSION[page2_data]);
otherBusinessLogic();
} catch (Exception ex) {
$_SESSION[page1_error] = error message you wanna show
header(Location:Page1.php);
exit;
}
header(Location:Page3.php);
} else {
unset($_SESSION[page2_data]);
$_SESSION[page2_error] = the error message you want to show
header(Location:Page2.php);
}
 

Page3.php:

Syntax: [ Download ] [ Hide ]

Syntax: [ Download ] [ Show ]

$sessionData= $_SESSION;
Kill session;
Show fancy html suff (use $sessionData if need to show the sessions data)
 

I have also included error-handling on user end where I may have missed some logic here and there or made some typos, but hopefully you get the basic idea.
Also, you may wanna disable the "submit" button, onclick. This will prevent re-submission from the client/javascript side..

Cheers!

[pickle]

Ya, sessions aren't really necessary here, but since you've already got it set up, there's little sense in starting over.

The best time to clear the session is on page 3. Before then, the user might want to navigate between page 1 & 2 to modify data. On page 3 though, they've already submitted their data, so you no longer need to hold them in $_SESSION.

[x_mutatis_mutandis_x]

Sessions is recommended so that you can secure data pertaining to the user while collecting his info until you finish your unitofwork. Otherwise you would have to put up a bunch of hidden parameters on page2 for posts from page1 and in page3 for posts from page2. Avoid using hidden params as much as possible unless you are working with a 3rd party service provider.