• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 318
  • Last Modified:

ColdFusion : Page/Form Sequences

Hi Experts,

I have a user function that spans over 4 form/pages.  Let's say it's an application sign up process for argument sake.  Each page has Step 1, Step 2, Step 3, or Step 4 highlighted for the user.  "Next" and "Previous" buttons back the user up or submit the form for processing to the next step.

OK.  Question:  How do I ensure that someone on (say ) Page3, just came from Page2 and did not use a bookmark to get directly to the step?




I have a few of my own ideas but I don't want to say right now :)

FYI.  We are on ColdFusion 8.01 right now.  Going to 10 soon.

Thanks in advance,
hefterr
0
hefterr
Asked:
hefterr
  • 7
  • 5
  • 2
6 Solutions
 
Pravin AsarCommented:
DO you manage the session ?

Set up ( or update) a session variable for "Step" once user completes a page

 [ you can delete the variable once a form has been successfully processed].

This may be used to indicate the last step  user visited.

If session variable does not exist ?
   He started a fresh session, send him to Step 1
Else
   Take him to the last step he has completed.
0
 
hefterrAuthor Commented:
Hi pravinasar,
This is basically what I do but users can navigate away and come back again.  I guess that's OK.

In Your example:
If session variable does not exist ?
   He started a fresh session, send him to Step 1
Else
   Take him to the last step he has completed


What happens if he is still on the same page (not yet completed)?  Perhaps you mean the next page not yet completed?  If on that page, then continue?  I will be redisplaying the same page when errors are found.

Do you every use the CGI.referrer variable?  I think I heard this is not always honored by all browsers?
0
 
Pravin AsarCommented:
Only after he completes  a step, you will update the session variable,
So based on the variable, you will send him to next step.

[if he not completed a the step, but revisits the page, this logic will send him to appropriate step.

You cannot modify the CGI variables, as these are passed with every request (post/get) from browser to server.

You can either use ColdFusion Session variables or Browser cookies.

Also another option is use ColdFusion client variables, which I think your case, is a overkill.
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
hefterrAuthor Commented:
I guess what I meant by the CGI.referrer is that

<cfif not exisits  "form.mybutton">  first time in page
   <cfif CGI.referrer neq  LastPage>
      send user to 1st page
   </cfif
<cfif/>

hefterr
0
 
_agx_Commented:
Do you every use the CGI.referrer variable?  I think I heard this is not always honored by all browsers?

Yes, it's not always present. Browsers or firewall software can block it from being sent at all.  Plus, since it comes from the client it can be spoofed. So you shouldn't use it for anything important.

Session variables or cookies are a better choice. Keep in mind someone could still clear cookies or close/reopen the browser and get back to the 1st page.  There's no 100% fool-proof way of preventing an unknown/anonymous user from going back to page 1. If the pages are protected by a login, then you'd have full control, but that's unlikely given that this is a sign-up form.
0
 
hefterrAuthor Commented:
Hi agx,
I am using session variables,  just wanted to see how folks were using them exactly.

hefterr
0
 
_agx_Commented:
I never use referrer for anything but informational purposes. In this scenario I'd choose session variables too, but with the expectation that - absent authentication, nothing is going to be 100% foolproof.
0
 
hefterrAuthor Commented:
Do you differentiate the first time into a program (no form variables exist) versus reprocessing of the page (form variables exist)?  The "first time" can be subverted by a cache version being used.
0
 
_agx_Commented:
Yes and no.  If you're using POST, the submit can't be cached. The browser would warn that the page has expired and the data must be resent - though they could always click "yes" and re-submit the data.  What's your concern with a re-submit? In other words, what "bad" things would happen if you didn't prevent it? There may be ways around it, like storing the info in a temp table or session variables, but it depends on the problem scope...
0
 
hefterrAuthor Commented:
My first time into the page, I check to see if the page data needs to be migrated to the temp tables.  If the do a "repost from cache", this will be missed and an ABORT will occur when a variable is not found.

This is OK, I guess, as they will be sent to an application.CFC directed generic page and they are doing something they shouldn't.

OK - I think I have enough.
0
 
_agx_Commented:
Unless I'm misunderstanding what you mean by "repost from cache", that's not what would happen.. If they click "yes" and re-post, the form variables will exist. So it won't appear any different than the initial submit.
0
 
hefterrAuthor Commented:
Hi agx,
Yes I understand.  That could cause me a problem when I do processing only on the initial display of the page (no form variables exist) - as this processing will be bypassed.

But that's somewhat the user's fault for trying to trick the system.
0
 
hefterrAuthor Commented:
Thanks for your feedback.  This new point system just drove me nuts.  Sorry if I messed it up?
0
 
_agx_Commented:
>  when I do processing only on the initial display of the page

Doh! I misunderstood your last question. I thought you were asking about submitting twice .. but I see what you're getting at now.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 7
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now