Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ColdFusion : Page/Form Sequences

Posted on 2013-06-17
14
Medium Priority
?
317 Views
Last Modified: 2013-06-18
Hi Experts,

I have a user function that spans over 4 form/pages.  Let's say it's an application sign up process for argument sake.  Each page has Step 1, Step 2, Step 3, or Step 4 highlighted for the user.  "Next" and "Previous" buttons back the user up or submit the form for processing to the next step.

OK.  Question:  How do I ensure that someone on (say ) Page3, just came from Page2 and did not use a bookmark to get directly to the step?




I have a few of my own ideas but I don't want to say right now :)

FYI.  We are on ColdFusion 8.01 right now.  Going to 10 soon.

Thanks in advance,
hefterr
0
Comment
Question by:hefterr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 2
14 Comments
 
LVL 29

Accepted Solution

by:
Pravin Asar earned 1000 total points
ID: 39254607
DO you manage the session ?

Set up ( or update) a session variable for "Step" once user completes a page

 [ you can delete the variable once a form has been successfully processed].

This may be used to indicate the last step  user visited.

If session variable does not exist ?
   He started a fresh session, send him to Step 1
Else
   Take him to the last step he has completed.
0
 
LVL 1

Author Comment

by:hefterr
ID: 39254762
Hi pravinasar,
This is basically what I do but users can navigate away and come back again.  I guess that's OK.

In Your example:
If session variable does not exist ?
   He started a fresh session, send him to Step 1
Else
   Take him to the last step he has completed


What happens if he is still on the same page (not yet completed)?  Perhaps you mean the next page not yet completed?  If on that page, then continue?  I will be redisplaying the same page when errors are found.

Do you every use the CGI.referrer variable?  I think I heard this is not always honored by all browsers?
0
 
LVL 29

Assisted Solution

by:Pravin Asar
Pravin Asar earned 1000 total points
ID: 39255889
Only after he completes  a step, you will update the session variable,
So based on the variable, you will send him to next step.

[if he not completed a the step, but revisits the page, this logic will send him to appropriate step.

You cannot modify the CGI variables, as these are passed with every request (post/get) from browser to server.

You can either use ColdFusion Session variables or Browser cookies.

Also another option is use ColdFusion client variables, which I think your case, is a overkill.
0
[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

 
LVL 1

Author Comment

by:hefterr
ID: 39256119
I guess what I meant by the CGI.referrer is that

<cfif not exisits  "form.mybutton">  first time in page
   <cfif CGI.referrer neq  LastPage>
      send user to 1st page
   </cfif
<cfif/>

hefterr
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 1000 total points
ID: 39256167
Do you every use the CGI.referrer variable?  I think I heard this is not always honored by all browsers?

Yes, it's not always present. Browsers or firewall software can block it from being sent at all.  Plus, since it comes from the client it can be spoofed. So you shouldn't use it for anything important.

Session variables or cookies are a better choice. Keep in mind someone could still clear cookies or close/reopen the browser and get back to the 1st page.  There's no 100% fool-proof way of preventing an unknown/anonymous user from going back to page 1. If the pages are protected by a login, then you'd have full control, but that's unlikely given that this is a sign-up form.
0
 
LVL 1

Author Comment

by:hefterr
ID: 39256443
Hi agx,
I am using session variables,  just wanted to see how folks were using them exactly.

hefterr
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 1000 total points
ID: 39256601
I never use referrer for anything but informational purposes. In this scenario I'd choose session variables too, but with the expectation that - absent authentication, nothing is going to be 100% foolproof.
0
 
LVL 1

Author Comment

by:hefterr
ID: 39256943
Do you differentiate the first time into a program (no form variables exist) versus reprocessing of the page (form variables exist)?  The "first time" can be subverted by a cache version being used.
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 1000 total points
ID: 39257018
Yes and no.  If you're using POST, the submit can't be cached. The browser would warn that the page has expired and the data must be resent - though they could always click "yes" and re-submit the data.  What's your concern with a re-submit? In other words, what "bad" things would happen if you didn't prevent it? There may be ways around it, like storing the info in a temp table or session variables, but it depends on the problem scope...
0
 
LVL 1

Author Comment

by:hefterr
ID: 39257073
My first time into the page, I check to see if the page data needs to be migrated to the temp tables.  If the do a "repost from cache", this will be missed and an ABORT will occur when a variable is not found.

This is OK, I guess, as they will be sent to an application.CFC directed generic page and they are doing something they shouldn't.

OK - I think I have enough.
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 1000 total points
ID: 39257102
Unless I'm misunderstanding what you mean by "repost from cache", that's not what would happen.. If they click "yes" and re-post, the form variables will exist. So it won't appear any different than the initial submit.
0
 
LVL 1

Author Comment

by:hefterr
ID: 39257437
Hi agx,
Yes I understand.  That could cause me a problem when I do processing only on the initial display of the page (no form variables exist) - as this processing will be bypassed.

But that's somewhat the user's fault for trying to trick the system.
0
 
LVL 1

Author Closing Comment

by:hefterr
ID: 39257457
Thanks for your feedback.  This new point system just drove me nuts.  Sorry if I messed it up?
0
 
LVL 52

Expert Comment

by:_agx_
ID: 39257606
>  when I do processing only on the initial display of the page

Doh! I misunderstood your last question. I thought you were asking about submitting twice .. but I see what you're getting at now.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an updated version of a post made on my blog over 3 years ago. It is unfortunately, still very relevant as we continue to see both SQLi (SQL injection) and XSS (cross site scripting) attacks hitting some of the most recognizable website and …
Recently while working on a project I got a very annoying cfdocument has no body error message. I had never seen this error before. So I checked the code. The code was pretty simple; it was Just showing me the cfdocumnt tag and inside that tag a …
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question