dynamota
asked on
What is the best way to store/move data in a typical website registration process?
Hi All,
Say I have a 4 page website registration process. I am collecting different kinds of data through each of their pages. What is the best way to store/pass the information from page1 to Page4 before its finally committed to the database?
Is it through hidden fields or through session or cookies etc?
What is the most practical way or a great practice to follow?
PS: I am hoping that this is a platform independent approach. I can code in coldfusion, asp & php
Say I have a 4 page website registration process. I am collecting different kinds of data through each of their pages. What is the best way to store/pass the information from page1 to Page4 before its finally committed to the database?
Is it through hidden fields or through session or cookies etc?
What is the most practical way or a great practice to follow?
PS: I am hoping that this is a platform independent approach. I can code in coldfusion, asp & php
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
i said "session cookies" but i meant "session variables" (doh). Depending on how cookies are used they could introduce some degradation in performance (also persistent cookies are not intended to hold temporary data for website operation).
session variable are simple to code but they have the big negative that if the user gets distracted for one reason or another in the middle of the process the session will time out and the user will have to re-enter their info from the first few pages (this happens often).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
it is definitely easier coding it using session variables but it is the inferior/lazier solution
I do not agree with you dave4dl.
If the user gets distracted on a long enough timeout (say, 15 minutes) then I think it's not a big issue losing the information, and it will happen on a small percentage of the userbase. On the other hand, if you have a lot of users then you are going to add lots of not needed stuff in your form, meaning longer download and parsing time.
There might be very good reasons not to use sessions (to support cookieless clients, for instance, or because you are expecting your users to be very very slow form-fillers as dave points out, conditions which can both happen in the real world) but as a general rule the "standard" solution is to use sessions.
If the user gets distracted on a long enough timeout (say, 15 minutes) then I think it's not a big issue losing the information, and it will happen on a small percentage of the userbase. On the other hand, if you have a lot of users then you are going to add lots of not needed stuff in your form, meaning longer download and parsing time.
There might be very good reasons not to use sessions (to support cookieless clients, for instance, or because you are expecting your users to be very very slow form-fillers as dave points out, conditions which can both happen in the real world) but as a general rule the "standard" solution is to use sessions.
I dont have any survey data other than my own experience but i have experienced irritating timeouts many times on websites and that very negatively impact my impression of those websites (if you could avoid it completely, even if it is not an issue for everyone, why would you not?)
On the performance end of things the extra download and parse time is on the order of tens or hundreds of milliseconds (depending on your situation) which is inconsequential. Using the hidden form fields you get the performance BENEFIT of not using memory resources on the server (although for a registration page this will also be inconsequential).
I agree that session variables are the "standard" solution in this case but this is one of those instances where there exists a better way than the standard. On a side note i am seeing more and more websites these days that are holding their user inputs in hidden fields between pages of multi-page forms (tax websites, experts exchange, online store registration).
The biggest negative to the form approach is the initial coding time and code maintenance time (which is actually a pretty big negative).
On the performance end of things the extra download and parse time is on the order of tens or hundreds of milliseconds (depending on your situation) which is inconsequential. Using the hidden form fields you get the performance BENEFIT of not using memory resources on the server (although for a registration page this will also be inconsequential).
I agree that session variables are the "standard" solution in this case but this is one of those instances where there exists a better way than the standard. On a side note i am seeing more and more websites these days that are holding their user inputs in hidden fields between pages of multi-page forms (tax websites, experts exchange, online store registration).
The biggest negative to the form approach is the initial coding time and code maintenance time (which is actually a pretty big negative).
Add to the negative list the XSS checks, since you are printing out user input. But yes, I admit that the performance argument isn't a strong one.
Since my last post i had another thought.
You could code it in such a way that it would handle adding or removing inputs with no new code to persist the data from page to page. This could also include generic xss tests. This somewhat mitigates the maintenance time issue.
Basically what it comes down to is that it depends on your situation. If you expect people to be using slow dial-up to access your website and you dont want them to wait any longer than they already have to (and your web server wasnt built in this millenium, i.e. it has enough memory) then paradoxEngine has the right answer. If you dont want people to have to deal with the form timing out and the other considerations are secondary (such as it taking a little longer to code in the first place and possibly longer to make changes to the form in the future) then go with my suggestion of the hidden form fields.
You could code it in such a way that it would handle adding or removing inputs with no new code to persist the data from page to page. This could also include generic xss tests. This somewhat mitigates the maintenance time issue.
Basically what it comes down to is that it depends on your situation. If you expect people to be using slow dial-up to access your website and you dont want them to wait any longer than they already have to (and your web server wasnt built in this millenium, i.e. it has enough memory) then paradoxEngine has the right answer. If you dont want people to have to deal with the form timing out and the other considerations are secondary (such as it taking a little longer to code in the first place and possibly longer to make changes to the form in the future) then go with my suggestion of the hidden form fields.
ASKER
Hi All,
Thank you so much for sharing your thoughts. You guys even broke it down further which was a big help. I think I will end up going the sessions way. But both cases have merit.
Thank you all once again...
Thank you so much for sharing your thoughts. You guys even broke it down further which was a big help. I think I will end up going the sessions way. But both cases have merit.
Thank you all once again...
ASKER