Hi,
Just wondered what is best? Here's an example:
Basically I'm submitting a form, this form submits to the same page the form is on so it can echo out some info based on what was submitted.
After I had finished that and it was all working I remebered about session IDs so I made it do this:
Form submits to a separate PHP page with the submit code in it, when that code is done doing it's thing it goes to a new page carrying the session id, the session id is then posted on another different page.
Basically the main thing that this is doing is avoiding someone making a macro that refreshes the page and presses OK to the little warning that comes up and re-submitting the same information, instead, with php session ids, when they refresh they'll just see the information there still which I really like.
So it's up to security, which way is safer?
Thanks
Craig.
Just wondered what is best? Here's an example:
Basically I'm submitting a form, this form submits to the same page the form is on so it can echo out some info based on what was submitted.
After I had finished that and it was all working I remebered about session IDs so I made it do this:
Form submits to a separate PHP page with the submit code in it, when that code is done doing it's thing it goes to a new page carrying the session id, the session id is then posted on another different page.
Basically the main thing that this is doing is avoiding someone making a macro that refreshes the page and presses OK to the little warning that comes up and re-submitting the same information, instead, with php session ids, when they refresh they'll just see the information there still which I really like.
So it's up to security, which way is safer?
Thanks
Craig.
