Yes I was playing around with this approach but I've never used wddx so wasn't sure about its usage in this situation. So I would basically use wddx to serialize, then drop that into a holding table and then on successful re-login, grab it where the userIDs match and then de-serialize on the insertion template?

I've been using http_referer and getfilefrompath(cf_template_path) as well as query_string. I've managed to get the app to continue on to the pages that process the various forms, it's simply been a matter of getting the form info to the processing pages, in the format that they are expecting (i.e. FORM.field1, FORM.field2, etc.)

Since I don't know.... what is the security issue with using wddx and holding the info in session?

Thanks,
Karl

> From: "Marc Campeau" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date: Thu, 24 Jan 2002 13:17:22 -0500
> To: <[EMAIL PROTECTED]>
> Subject: RE: [CFTALKTor] Arrgh.... still having form problems.... Help!
>
> What you could do is:
>
> In every form have a hidden field holding a hash of the SESSION.username and
> form template URL for security purposes and another holding either a WDDX
> serialized version of your SESSION structure (possible security hazard) or a
> DB ID referring to a record holding the serialized SESSION structure in the
> database (involves that you must re-serialize and save to the DB the SESSION
> structure on every request, or at least every time it changes).
>
> You should, either by using CGI.HTTP_REFERER or using another hidden form
> field holding the form template URL, be able to reconstruct the
> SESSION.username and URL string on the login form's submission and compare
> its HASHING value with the one in the form field to ensure someone is not
> trying to submit data without being a valid user. Then using the serialized
> SESSION structure, you could reload that user's SESSION, take care of not
> overriding its new CFID and CFTOKEN, and resend the form data either to
> initialize the FORM field values so that he resubmits or directly to the
> validation template for insertion.
>
> Hope it helps, best of luck
>
> Marc
>
>>> I'm on the verge of pulling out what little hair I have left. I have an
>>> application which requires login. Once the user has logged in successfully,
>>> they stay logged in as long as there is activity. I have my session timeout
>>> set to 45 minutes which should be more than enough for the average user. The
>>> problem is, some users will start filling out a form, leave their computer
>>> for an hour, and then return to finish filling out the form and submit it.
>>> At that point the session has timed-out so the user gets kicked back to the
>>> login screen, the info from the form is lost and they have to fill it out
>>> again. I've tried using javascript's history but that has worked - it
>>> returns to the form ok, but the values are not there.
>>>
>>> What I would like is for the user, on successful re-login, to be returned to
>>> the form they were on and have it re-populated with the data they had
>>> already provided. Or, after successful re-login, have the form data passed
>>> to the cf page that processes the form.
>>>
>>> I have multiple forms on the site, with differing fields and options, and
>>> rather than hardcode something to handle the problem for each form, I'd like
>>> to have a single bit of code that will handle the problem regardless of
>>> which form was submitted. Is this an impossible dream? Or am I simply
>>> missing something?
>>>
>>> Pointers in some direction (except for up with the index finger), are
>>> appreciated.
>>>
>>> Thanks,
>>> Karl
>>>
>>> -
>>> You are subscribed to the CFUGToronto CFTALK ListSRV.
>>> This message has been posted by: Karl Zarudny <[EMAIL PROTECTED]>
>>> To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/
>>> Manager: Kevin Towes ([EMAIL PROTECTED]) http://www.CFUGToronto.org/
>>> This System has been donated by Infopreneur, Inc.
>>> (http://www.infopreneur.net)
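
The holding-table variant discussed in this thread, as an added example that is not part of the original messages and is written in Python rather than CFML. It assumes JSON in place of WDDX, an HMAC-SHA256 with a server-side key in place of the plain hash, and hypothetical names (`held_forms`, `form_token`, `park_form`, `restore_form`); only the form fields are parked, never the SESSION structure, and nothing serialized is sent to the browser.

```python
import hashlib, hmac, json, secrets, sqlite3, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: app secret, never sent to the browser
MAX_AGE = 3600                        # assumption: parked forms expire after one hour

db = sqlite3.connect(":memory:")      # stands in for the holding table
db.execute("CREATE TABLE held_forms (id TEXT PRIMARY KEY, form_url TEXT,"
           " token TEXT, payload TEXT, created REAL)")

def form_token(username, form_url):
    """Hidden-field value: keyed hash binding one user to one form template."""
    msg = f"{username}\n{form_url}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def park_form(form_url, token, fields, now=None):
    """Timed-out submit: the user is unknown, so hold the fields as untrusted."""
    record_id = secrets.token_urlsafe(16)  # unguessable reference to the record
    db.execute("INSERT INTO held_forms VALUES (?,?,?,?,?)",
               (record_id, form_url, token, json.dumps(fields),
                now or time.time()))
    return record_id

def restore_form(record_id, logged_in_user, now=None):
    """After re-login: release the fields once, only to the user the token names."""
    row = db.execute("SELECT form_url, token, payload, created FROM held_forms"
                     " WHERE id = ?", (record_id,)).fetchone()
    if row is None:
        return None
    form_url, token, payload, created = row
    if (now or time.time()) - created > MAX_AGE:
        return None                        # stale: make the user start over
    expected = form_token(logged_in_user, form_url)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return None                        # different user or different form
    db.execute("DELETE FROM held_forms WHERE id = ?", (record_id,))
    return form_url, json.loads(payload)   # caller repopulates FORM.* from this
```

The restored fields are still user input and go through the processing page's normal validation.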
