I think you need to create a unique id of some sort, assign it to the user's session and validate it along each step to make sure they are the right person to access the step.
Does that make sense? -Chris On Thu, Nov 12, 2009 at 6:55 PM, philosophe <[email protected]> wrote: > > I needed to build a configurator for my product, so I built a flow of > form pages that created and edited a class "foo". The last of the > pages in this flow did a form GET to the custom order product and > passed in the data from the configurator to the custom text field on > that custom order product's template form. > > so the urls i built for the steps look like this: > - /shop/product/foo/ #step 0 > - /shop/product/foo/17/step1/ > - /shop/product/foo/17/step2/ > - /shop/product/foo/17/step3/ > - /shop/product/foo/foo/17/ # the custom order detail page > - /shop/cart/ > > the product is not created until that custom order product detail > page. > > these urls allow me to jump to a particular step, and populate the > page from the appropriate foo fields. > > my question is: can I secure these urls so only the user configuring > this particular foo-product can access this foo-product? The user has > not authenticated before starting this configuration. > > thanks, > --derek > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en -~----------~----~----~----~------~----~------~--~---
