Technical Question regarding Session Variables

  • Resolved vycwebmaster

    (@vycwebmaster)


    2 years, 9 months ago

    Scenario:
    Want to send our members unique links to a Web-Based Form so they can submit any changes.

    We would provide them with a link that contains their current form field data (encrypted) within the URL parameter clause

    Given:
    The WP Form Plugin Vendor provides a way to add PHP functions (HOOKS) via add_filter or add_action, the thought was to temporarily capture the URL parameter values in the post_meta table (the idea being post_id is unique so could be uniquely associated with the data)

    Questions:
    1) the Vendor has NOT provided Post_ID for all of its HOOKS … this leads me to wonder if they don’t actually make a post entry until after the form is submitted … this is too late as the data needs to be decrypted and assigned to the Form Fields

    2) is there a WP session/connection id available that can uniquely identify “THIS” user?

    3) Old-World, Top-Down methodology would just assign GLOBAL VARIABLES … but … very concerned with what happens when 2 or more users use this Form at the same time … one would hope within the multiuser UNIX world that each WP session would generate a copy of itself and all its associated

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    Ideally member data would be tied to a WP user ID. I suspect members are not necessarily registered users? There’s no built-in WP way to distinguish non-registered users between requests. Global values are of little help between requests, with the exception of session variables. A possible alternative to session vars are cookies. But using cookies often means GDPR compliance. Data could also persist between requests with transients, but you would need some unique identifier tied back to the user that keys the transient values. Things are much simpler with registered users ??

    There’s no risk of one user getting another’s form data as long as each user can be uniquely identified and you use proper security measures like verifying form data source with a nonce. Session or cookie vars are ways to uniquely identify users.

    Thread Starter vycwebmaster

    (@vycwebmaster)

    Thanks for the feedback

    I have set up some tests to reveal/prove to myself the actual Client – WP interactions:

    Results:
    The Plugin provides the ability to add PHP code which hooks into the Form Action and Field Filter processes … these processes run before WP sends the final HTML content to the Client … using a sequence counter initiated to 0 any time the PHP hook file opens, shows that the PHP hooks file is restarted when the Client Submits the form content back to WP

    This means the PHP hooks file use of Global variables is problematic … a Global Variable set to capture/maintain URL parameters is lost/reset when the PHP file is restarted.

    So brings me back to square one on how best to maintain a “SESSION” related set of vars?

    Reviewing the HTML source, the only item that appears to stand out is that the FORM is provided a unique Captcha ID … suspecting this may be generated by some JS on the Client when the Page is loaded because I couldn’t find any reference to this value being generated in WP or the Plugin

    From a high level, perhaps it isn’t necessary for WP/Plugin to maintain a link from the HTML page sent to the Client, to the Client’s final submission back to the WP/Plugin

    So that begs the question, if I need to tie these connections together, what should I use? I did a search for cookie in WP and the Plugin and see there might be some cookie use … but … if the plugin is using a cookie it wasn’t showing up in the windows app data folder

    I could perhaps generate some kind of unique “SESSION ID” on the first connection and create a temporary SQL record but then how would subsequent connections know what record to relate to?

    As a top-down dinosaur who has been coding since the mid 70’s, I guess I am having a hard time with this seemingly disjointed process

    In a perfect world, I would envision WP creating a unique SESSION ID which it would provide to the Client embedded within the HTML source … any further interaction by the Client would then use this SESSION ID

    Thread Starter vycwebmaster

    (@vycwebmaster)

    Warning: Potential Roundabout/Outside-The-Box Solution

    This Form Plugin provides the ability to have HIDDEN form fields (might be able to also do this with regular HTML fields as they can also be hidden using is embedded jscript on the client-side)

    Regardless of the number of times the PHP file is loaded, the key to success here is to capture/save the required data while the HTML is being built, and ultimately have that data available when the submitted Form is processed … as stated impossible using globals as the PHP file that initiates these Globals is being called multiple times … each time the PHP file is run the Globals are reinitiated.

    Solution:

    1) Client opens a URL (potentially with parameters)

    2) WP/Plugin builds HTML page during which time these hidden fields can be populated with required data

    3) Client fills out/completes the form and submits the form

    4) WP/Plugin is now able to retrieve the previously stored data from the hidden field(s)

    Simulate global var(s) by basically using the HTML content to hold the values until required

    Thanks for listening … hope this simple idea helps others

    Note: the data in these variables doesn’t have to make sense … the more nonsensical the better … using short length codes would be meaningless to most

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Technical Question regarding Session Variables’ is closed to new replies.