ColdFusion : Page/Form Sequences

Posted on 2013-06-17
Last Modified: 2013-06-18
Hi Experts,

I have a user function that spans over 4 forms/pages.  Let's say it's an application sign-up process for argument's sake.  Each page has Step 1, Step 2, Step 3, or Step 4 highlighted for the user.  "Next" and "Previous" buttons back the user up or submit the form for processing to the next step.

OK.  Question:  How do I ensure that someone on (say) Page3 just came from Page2 and did not use a bookmark to get directly to the step?




I have a few of my own ideas but I don't want to say right now :)

FYI.  We are on ColdFusion 8.01 right now.  Going to 10 soon.

Thanks in advance,
hefterr
Question by:hefterr
14 Comments
 
LVL 29

Accepted Solution

by:
Pravin Asar earned 250 total points
ID: 39254607
Do you manage the session?

Set up (or update) a session variable for "Step" once the user completes a page

[you can delete the variable once a form has been successfully processed].

This may be used to indicate the last step the user visited.

If session variable does not exist?
   He started a fresh session, send him to Step 1
Else
   Take him to the last step he has completed.
0
 
LVL 1

Author Comment

by:hefterr
ID: 39254762
Hi pravinasar,
This is basically what I do but users can navigate away and come back again.  I guess that's OK.

In your example:
If session variable does not exist ?
   He started a fresh session, send him to Step 1
Else
   Take him to the last step he has completed


What happens if he is still on the same page (not yet completed)?  Perhaps you mean the next page not yet completed?  If on that page, then continue?  I will be redisplaying the same page when errors are found.

Do you ever use the CGI.referrer variable?  I think I heard this is not always honored by all browsers?
0
 
LVL 29

Assisted Solution

by:Pravin Asar
Pravin Asar earned 250 total points
ID: 39255889
Only after he completes a step, you will update the session variable.
So based on the variable, you will send him to the next step.

[If he has not completed the step but revisits the page, this logic will send him to the appropriate step.]

You cannot modify the CGI variables, as these are passed with every request (post/get) from browser to server.

You can either use ColdFusion session variables or browser cookies.

Also, another option is to use ColdFusion client variables, which I think, in your case, is overkill.
0
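A sketch of the session-variable gate described in the two answers above, added here as an example and not code posted by anyone in the thread. It is tag-based so it runs on ColdFusion 8; `session.signupStep`, `thisStep`, `form.fullName` and the `stepN.cfm` file names are assumptions, and session management is assumed to be enabled for the application.

```cfml
<!--- step2.cfm: constructed page skeleton. session.signupStep, thisStep,
      form.fullName and the stepN.cfm file names are assumed for this example.
      Requires session management to be enabled for the application. --->
<cfset thisStep = 2>
<cfparam name="form.fullName" default="">

<!--- 1. Gate: read (or initialise) the last completed step --->
<cflock scope="session" type="exclusive" timeout="5">
    <cfif not structKeyExists(session, "signupStep")>
        <cfset session.signupStep = 0> <!--- fresh session: nothing completed --->
    </cfif>
    <cfset nextAllowed = session.signupStep + 1>
</cflock>

<!--- Completed steps ("Previous") and the first uncompleted step are allowed.
      A bookmark that jumps further ahead is sent back to where the user belongs. --->
<cfif thisStep gt nextAllowed>
    <cflocation url="step#nextAllowed#.cfm" addtoken="false">
</cfif>

<!--- 2. Process a submit of this step --->
<cfset errors = arrayNew(1)>
<cfif cgi.request_method eq "POST" and structKeyExists(form, "mybutton")>
    <cfif not len(trim(form.fullName))>
        <cfset arrayAppend(errors, "Name is required.")>
    </cfif>
    <cfif arrayLen(errors) eq 0>
        <!--- Advance only after validation passes; max() keeps a re-post of an
              earlier step from lowering the recorded progress --->
        <cflock scope="session" type="exclusive" timeout="5">
            <cfset session.signupStep = max(session.signupStep, thisStep)>
        </cflock>
        <cfset nextStep = thisStep + 1>
        <cflocation url="step#nextStep#.cfm" addtoken="false">
    </cfif>
    <!--- Validation failed: fall through and redisplay; progress is unchanged --->
</cfif>

<!--- 3. Display (or redisplay) the form --->
<cfoutput>
<form method="post" action="step#thisStep#.cfm">
    <cfloop array="#errors#" index="msg"><p>#htmlEditFormat(msg)#</p></cfloop>
    <input type="text" name="fullName" value="#htmlEditFormat(form.fullName)#">
    <input type="submit" name="mybutton" value="Next">
</form>
</cfoutput>
```

Because the decision rests only on server-side session state, a missing or forged Referer header has no effect on which step is served.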

 
LVL 1

Author Comment

by:hefterr
ID: 39256119
I guess what I meant by the CGI.referrer is that

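<cfif not structKeyExists(form, "mybutton")>  <!--- first time in page --->
   <!--- CGI.HTTP_REFERER is the CGI variable that carries the referrer --->
   <cfif CGI.HTTP_REFERER neq LastPage>
      <!--- send user to 1st page (step1.cfm is a placeholder name) --->
      <cflocation url="step1.cfm" addtoken="false">
   </cfif>
</cfif>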

hefterr
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 250 total points
ID: 39256167
> Do you ever use the CGI.referrer variable?  I think I heard this is not always honored by all browsers?

Yes, it's not always present. Browsers or firewall software can block it from being sent at all.  Plus, since it comes from the client it can be spoofed. So you shouldn't use it for anything important.

Session variables or cookies are a better choice. Keep in mind someone could still clear cookies or close/reopen the browser and get back to the 1st page.  There's no 100% fool-proof way of preventing an unknown/anonymous user from going back to page 1. If the pages are protected by a login, then you'd have full control, but that's unlikely given that this is a sign-up form.
0
 
LVL 1

Author Comment

by:hefterr
ID: 39256443
Hi agx,
I am using session variables,  just wanted to see how folks were using them exactly.

hefterr
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 250 total points
ID: 39256601
I never use referrer for anything but informational purposes. In this scenario I'd choose session variables too, but with the expectation that - absent authentication, nothing is going to be 100% foolproof.
0
 
LVL 1

Author Comment

by:hefterr
ID: 39256943
Do you differentiate the first time into a program (no form variables exist) versus reprocessing of the page (form variables exist)?  The "first time" can be subverted by a cache version being used.
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 250 total points
ID: 39257018
Yes and no.  If you're using POST, the submit can't be cached. The browser would warn that the page has expired and the data must be resent - though they could always click "yes" and re-submit the data.  What's your concern with a re-submit? In other words, what "bad" things would happen if you didn't prevent it? There may be ways around it, like storing the info in a temp table or session variables, but it depends on the problem scope...
0
 
LVL 1

Author Comment

by:hefterr
ID: 39257073
My first time into the page, I check to see if the page data needs to be migrated to the temp tables.  If they do a "repost from cache", this will be missed and an ABORT will occur when a variable is not found.

This is OK, I guess, as they will be sent to an application.CFC directed generic page and they are doing something they shouldn't.

OK - I think I have enough.
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 250 total points
ID: 39257102
Unless I'm misunderstanding what you mean by "repost from cache", that's not what would happen. If they click "yes" and re-post, the form variables will exist. So it won't appear any different than the initial submit.
0
 
LVL 1

Author Comment

by:hefterr
ID: 39257437
Hi agx,
Yes I understand.  That could cause me a problem when I do processing only on the initial display of the page (no form variables exist) - as this processing will be bypassed.

But that's somewhat the user's fault for trying to trick the system.
0
 
LVL 1

Author Closing Comment

by:hefterr
ID: 39257457
Thanks for your feedback.  This new point system just drove me nuts.  Sorry if I messed it up?
0
 
LVL 52

Expert Comment

by:_agx_
ID: 39257606
>  when I do processing only on the initial display of the page

Doh! I misunderstood your last question. I thought you were asking about submitting twice .. but I see what you're getting at now.
0
