Perhaps with a uuid that is saved to a user's session? On Thu, Nov 12, 2009 at 10:03 PM, Chris Moffitt <[email protected]> wrote:
> I think you need to create a unique id of some sort, assign it to the > user's session and validate it along each step to make sure they are the > right person to access the step. > > Does that make sense? > > -Chris > > > On Thu, Nov 12, 2009 at 6:55 PM, philosophe <[email protected]> wrote: > >> >> I needed to build a configurator for my product, so I built a flow of >> form pages that created and edited a class "foo". The last of the >> pages in this flow did a form GET to the custom order product and >> passed in the data from the configurator to the custom text field on >> that custom order product's template form. >> >> so the urls i built for the steps look like this: >> - /shop/product/foo/ #step 0 >> - /shop/product/foo/17/step1/ >> - /shop/product/foo/17/step2/ >> - /shop/product/foo/17/step3/ >> - /shop/product/foo/foo/17/ # the custom order detail page >> - /shop/cart/ >> >> the product is not created until that custom order product detail >> page. >> >> these urls allow me to jump to a particular step, and populate the >> page from the appropriate foo fields. >> >> my question is: can I secure these urls so only the user configuring >> this particular foo-product can access this foo-product? The user has >> not authenticated before starting this configuration. >> >> thanks, >> --derek >> >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en -~----------~----~----~----~------~----~------~--~---
