Storing form data as a temporary session

Question

I have looked at Storing Form Data as a Session Variable, but nobody said how to undo the session once the user leaves that form. For me, once the session is set it is constantly set (until logged out I presume). So Username field for example will always have "test" in it if I unsuccessfully OR successfully submit the form with "test" in it and then just go to some other links. Here's what I've got:

$_SESSION['temp_username'] = $_POST['username'];

score 3 · Accepted Answer · answered Aug 27 '12 at 21:25

3

Just clear the session data when it is not needed. You can do an unset against your temporary variables.

But for the same reason, I think it would be better to store the form one level deeper:

$_SESSION['formdata'] = $_POST; // Save the form

Then you can retrieve username as $_SESSION['formdata']['username'] or unset $_SESSION['formdata'].

answered Aug 27 '12 at 21:25

LSerni

55,617
10
65
107

Great, thank you. However, when should I unset it? How can I determine when the user has left the form page? – Justin Aug 27 '12 at 21:40
1

You may either use a timer - after a given number of seconds, `formdata` is sent to data heaven - or you may leave it where it is: why should other pages bother with `$_SESSION['formdata']` after all? The important thing is not to pollute the base `$_SESSION` data; and you'd only set, e.g., `$_SESSION['is_Administrator']`, if the conditions were right. – LSerni Aug 27 '12 at 21:47

score 2 · Answer 2 · answered Aug 27 '12 at 21:24

2

You can use $_SESSION['temp_username'] = null, (or somet other default value) or unset().

answered Aug 27 '12 at 21:24

Explosion Pills

188,624
52
326
405

score 1 · Answer 3 · answered Aug 27 '12 at 21:26

1

you could always unset() $_SESSION['temp_username'] once your done with it.

unset($_SESSION['temp_username'])

or you could call session_unset() to clear all the session data.

answered Aug 27 '12 at 21:26

devilsansclue

179
1
9

score 0 · Answer 4 · answered Nov 22 '14 at 21:52

I wrote something to address this. Basically, I set form data to a session variable. If the HTTP referrer is different from the name of the PHP script, the session variable resets it to a new array. Otherwise, it merges in new data into the existing form data. The script also lets you set default values, and it sanitizes input.

You could probably alter this to wipe or unset the session value, but this worked for me.

$form = array();

if(isset($_SESSION['form']) && isset($_SERVER['HTTP_REFERER']) && strrpos($_SERVER['HTTP_REFERER'], $_SERVER['SCRIPT_NAME']) !== false) {
    $form = $_SESSION['form'];
}

if(isset($_SESSION['defaults']) && is_array($_SESSION['defaults'])) {
    $defaults = $_SESSION['defaults'];
    unset($_SESSION['defaults']);
}
else {
    $defaults = array();
}
function addValues($arr, &$form) {
    foreach($arr as $key=>$value) {
        $form[$key] = mysql_real_escape_string(strip_tags(stripslashes($value)));
    }
}
if(sizeof($_POST) > 0) {
    addValues($_POST, $form);
}
if(sizeof($_GET) > 0) {
    addValues($_GET, $form);
}
$_SESSION['form'] = array_merge($defaults, $form);

Usage:

$_SESSION['defaults'] = array(
    'button'=>'first'
);
include_once "formdata.php";

...

<form>
    <p>Form data for button (always a valid index): <?php echo $_SESSION['form']['button'] ?></p>
    <button value="test" name="button" type="submit">Test</button>
</form>

Note that this allows great shorthand for forms where you don't have to test for indices and use if statements to switch between default and form values to set form values on initial load and post-back.

Storing form data as a temporary session

4 Answers4