If a person goes on a coffee break in the middle of a form, the session expires. Happens all the time. So they come back to complete and hit submit, session bombs out, error message. Developer could say, "I just put all the user form data in as hidden fields
and restore the session from that". If you have multiple page forms you'd save all the data from the prior screens. What's wrong wih this picture? For security reasons, nothing from the client should be trusted. You are picking up all your restore information
from a possibly compromised client, user id, form data, etc. What do you think about this and how do you handle expired sessions in a form? Remember the customer should not see a glitch, or at least get a very gentle error message explaining they took too
long for coffee.
tangle
Member
209 Points
73 Posts
Problems with expriation
Sep 19, 2003 05:18 PM|LINK